GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,420 advisories
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Moderate. CVE-2024-25151 was published for com.liferay.portal:release.dxp.bom (Maven) on Feb 21, 2024

Cross-site Scripting Vulnerability in Statement Browser
Moderate. CVE-2024-26140 was published for com.yetanalytics:lrs (Maven) on Feb 21, 2024

Liferay Portal vulnerable to Denial of Service
Moderate. CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) on Feb 20, 2024

Session Fixation Apache DolphinScheduler
Moderate. CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 20, 2024

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate. CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) on Feb 19, 2024

Hazelcast Platform permission checking in CSV File Source connector
Moderate. CVE-2023-45860 was published for com.hazelcast:hazelcast (Maven) on Feb 16, 2024

Absolute path traversal vulnerability in digdag server
Moderate. CVE-2024-25125 was published for io.digdag:digdag-server (Maven) on Feb 14, 2024

Undertow Path Traversal vulnerability
Moderate. CVE-2024-1459 was published for io.undertow:undertow-core (Maven) on Feb 12, 2024

Denial of Service in Connect2id Nimbus JOSE+JWT
Moderate. CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) on Feb 11, 2024

Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Moderate. CVE-2023-50386 was published for org.apache.solr:solr-core (Maven) on Feb 9, 2024

Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate. CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) on Feb 9, 2024

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Moderate. CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) on Feb 9, 2024

Micronaut management endpoints vulnerable to drive-by localhost attack
Moderate. CVE-2024-23639 was published for io.micronaut:micronaut-http-server (Maven) on Feb 9, 2024

Liferay Portal allows attackers to discover the existence of sites
Moderate. CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) on Feb 8, 2024

Liferay Portal denial-of-service vulnerability
Moderate. CVE-2024-25144 was published for com.liferay.portal:release.dxp.bom (Maven) on Feb 8, 2024

Liferay Portal's account lockout does not invalidate existing user sessions
Moderate. CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) on Feb 8, 2024

Graylog session fixation vulnerability through cookie injection
Moderate. CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) on Feb 7, 2024

Apache Ozone Improper Authentication vulnerability
Moderate. CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) on Feb 7, 2024

Spring Security's spring-security.xsd file is world writable
Moderate. CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) on Feb 6, 2024

Malicious input can provoke XSS when preserving comments
Moderate. CVE-2024-23635 was published for org.owasp.antisamy:antisamy (Maven) on Feb 2, 2024

Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage
Moderate. GHSA-qfv2-3p2f-vg48 was published for com.linecorp.centraldogma:centraldogma-server (Maven) on Feb 2, 2024 • withdrawn

CrateDB database has an arbitrary file read vulnerability
Moderate. CVE-2024-24565 was published for io.crate:crate (Maven) on Jan 30, 2024

Path traversal vulnerability in Jenkins Matrix Project Plugin
Moderate. CVE-2024-23900 was published for org.jenkins-ci.plugins:matrix-project (Maven) on Jan 24, 2024

CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate. CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) on Jan 24, 2024

Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate. CVE-2024-23901 was published for io.jenkins.plugins:gitlab-branch-source (Maven) on Jan 24, 2024

ProTip! Advisories are also available from the GraphQL API.