GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,414 advisories
Filter by severity
Cross-site Scripting in beetl-bbs
Moderate
CVE-2024-22490
was published
for
com.ibeetl:beetl
(Maven)
Jan 23, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate
CVE-2024-23321
was published
for
org.apache.rocketmq:rocketmq-all
(Maven)
Jul 22, 2024
Keycloak Open Redirect vulnerability
Moderate
CVE-2024-7260
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Uses a Key Past its Expiration Date
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Moderate
CVE-2023-51445
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Vertx gRPC server does not limit the maximum message size
Moderate
CVE-2024-8391
was published
for
io.vertx:vertx-grpc-client
(Maven)
Sep 4, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate
CVE-2023-6717
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Allocation of Resources Without Limits or Throttling in metadata-extractor
Moderate
CVE-2022-24614
was published
for
com.drewnoakes:metadata-extractor
(Maven)
Feb 25, 2022
Signature forgery in Spring Boot's Loader
Moderate
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
Undertow Path Traversal vulnerability
Moderate
CVE-2024-1459
was published
for
io.undertow:undertow-core
(Maven)
Feb 12, 2024
Spring Security Missing Authorization vulnerability
Moderate
CVE-2024-38810
was published
for
org.springframework.security:spring-security-core
(Maven)
Aug 20, 2024
Spring Framework vulnerable to Denial of Service
Moderate
CVE-2024-38808
was published
for
org.springframework:spring-expression
(Maven)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API