GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,450 advisories
Liferay Portal's account lockout does not invalidate existing user sessions
Moderate • CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) • Feb 8, 2024

Graylog session fixation vulnerability through cookie injection
Moderate • CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) • Feb 7, 2024

Apache Ozone Improper Authentication vulnerability
Moderate • CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) • Feb 7, 2024

Spring Security's spring-security.xsd file is world writable
Moderate • CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) • Feb 6, 2024

Malicious input can provoke XSS when preserving comments
Moderate • CVE-2024-23635 was published for org.owasp.antisamy:antisamy (Maven) • Feb 2, 2024

Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage
Moderate • GHSA-qfv2-3p2f-vg48 was published for com.linecorp.centraldogma:centraldogma-server (Maven) • Feb 2, 2024 • withdrawn

CrateDB database has an arbitrary file read vulnerability
Moderate • CVE-2024-24565 was published for io.crate:crate (Maven) • Jan 30, 2024

Path traversal vulnerability in Jenkins Matrix Project Plugin
Moderate • CVE-2024-23900 was published for org.jenkins-ci.plugins:matrix-project (Maven) • Jan 24, 2024

Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate • CVE-2024-23901 was published for io.jenkins.plugins:gitlab-branch-source (Maven) • Jan 24, 2024

CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate • CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) • Jan 24, 2024

Cross-site Scripting in JFinal
Moderate • CVE-2024-22497 was published for com.jfinal:jfinal (Maven) • Jan 23, 2024

Cross-site Scripting in JFinal
Moderate • CVE-2024-22496 was published for com.jfinal:jfinal (Maven) • Jan 23, 2024

Cross-site Scripting in beetl-bbs
Moderate • CVE-2024-22490 was published for com.ibeetl:beetl (Maven) • Jan 23, 2024

keycloak-core: open redirect via "form_post.jwt" JARM response mode
Moderate • CVE-2023-6927 was published for org.keycloak:keycloak-core (Maven) • Jan 23, 2024

Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate • CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) • Jan 20, 2024

Hard-coded credentials in org.folio:mod-remote-storage
Moderate • CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) • Jan 19, 2024

JavaScript execution via malicious molfiles (XSS)
Moderate • CVE-2024-0758 was published for de.ipb-halle:molecularfaces (Maven) • Jan 19, 2024

Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate • CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) • Jan 19, 2024

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate • CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Jan 19, 2024

Stored Cross Site Scripting in beetl-bbs
Moderate • CVE-2024-22491 was published for com.ibeetl:beetl (Maven) • Jan 16, 2024

Apache Shiro vulnerable to path traversal
Moderate • CVE-2023-46749 was published for org.apache.shiro:shiro-core (Maven) • Jan 15, 2024

Apache Solr allows read access to host environment variables
Moderate • CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) • Jan 15, 2024

Cross-site Scripting in JFinal
Moderate • CVE-2024-22492 was published for com.jfinal:jfinal (Maven) • Jan 12, 2024

Cross-site Scripting in JFinal
Moderate • CVE-2024-22493 was published for com.jfinal:jfinal (Maven) • Jan 12, 2024

Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Moderate • CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) • Jan 9, 2024

ProTip! Advisories are also available from the GraphQL API.