Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,160 advisories

Loading
Keycloak Denial of Service vulnerability Moderate
CVE-2023-6841 was published for org.keycloak:keycloak-core (Maven) Sep 10, 2024
abstractj
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
stianst
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Keycloak Uses a Key Past its Expiration Date Moderate
CVE-2024-7318 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
Duplicate Advisory: Keycloak has a brute force login protection bypass Moderate
GHSA-8wm9-24qg-m5qj was published for org.keycloak:keycloak-services (Maven) Sep 3, 2024 withdrawn
Missing hostname validation in Kroxylicious High
CVE-2024-8285 was published for io.kroxylicious:kroxylicious-runtime (Maven) Aug 31, 2024
Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Undertow vulnerable to Race Condition High
CVE-2024-7885 was published for io.undertow:undertow-core (Maven) Aug 21, 2024
jw123023
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Silverpeas vulnerable to password complexity rule bypass Low
CVE-2024-42850 was published for org.silverpeas.core:silverpeas-core (Maven) Aug 16, 2024
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability High
CVE-2024-30188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution High
CVE-2024-29831 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database