Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,420 advisories

Loading
JSON-lib mishandles an unbalanced comment string Moderate
CVE-2024-47855 was published for org.kordamp.json:json-lib-core (Maven) Oct 4, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Jenkins exposes multi-line secrets through error messages Moderate
CVE-2024-47803 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions Moderate
CVE-2024-46978 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
floerer
Keycloak Services has a potential bypass of brute force protection Moderate
CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit Moderate
CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) Sep 11, 2024
Eclipse Glassfish URL redirection vulnerability Moderate
CVE-2024-8646 was published for org.glassfish.main.web:web-core (Maven) Sep 11, 2024
Keycloak Denial of Service vulnerability Moderate
CVE-2023-6841 was published for org.keycloak:keycloak-core (Maven) Sep 10, 2024
abstractj
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
Keycloak Uses a Key Past its Expiration Date Moderate
CVE-2024-7318 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
Duplicate Advisory: Keycloak has a brute force login protection bypass Moderate
GHSA-8wm9-24qg-m5qj was published for org.keycloak:keycloak-services (Maven) Sep 3, 2024 withdrawn
Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database