GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,450 advisories
Filter by severity
Apache HugeGraph-Server: Fixed JWT Token (Secret)
Moderate
CVE-2024-43441
was published
for
org.apache.hugegraph:hugegraph-server
(Maven)
Dec 24, 2024
keycloak-core: open redirect via "form_post.jwt" JARM response mode
Moderate
CVE-2023-6927
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability
Moderate
GHSA-3p75-q5cc-qmj7
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 19, 2023
•
withdrawn
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
Moderate
GHSA-57rh-gr4v-j5f6
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
•
withdrawn
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user
Moderate
GHSA-j9xq-j329-2xvg
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
•
withdrawn
Duplicate Advisory: Keycloak SAML signature validation flaw
Moderate
GHSA-4xx7-2cx3-x473
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
•
withdrawn
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 17, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2024-10973
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Moderate
CVE-2023-37940
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 18, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-12539
was published
for
org.elasticsearch:elasticsearch
(Maven)
Dec 17, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
Spring MVC controller vulnerable to a DoS attack
Moderate
CVE-2024-38828
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 18, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
CVE-2024-12369
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
ProTip!
Advisories are also available from the
GraphQL API