Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,867
Maven
5,000+
npm
4,488
NuGet
780
pip
4,244
Pub
12
RubyGems
975
Rust
1,096
Swift
49
Unreviewed advisories
All unreviewed
5,000+

3,051 advisories

Loading
jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2025-3588 was published for org.jsonschema2pojo:jsonschema2pojo-core (Maven) Apr 14, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
GHSA-4v5x-9m47-cqr2 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024 withdrawn
darranl
Credited to darranl
OpenCMS cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41446 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41447 was published for org.opencms:opencms-core (Maven) Apr 18, 2025
Smack allows the bypass of TLS protections Moderate
CVE-2016-10027 was published for org.igniterealtime.smack:smack-core (Maven) May 13, 2022
WSO2 Carbon vulnerable to Cross-site Scripting Moderate
CVE-2016-4316 was published for org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui (Maven) May 14, 2022
WSO2 Carbon directory traversal vulnerability Moderate
CVE-2016-4314 was published for org.wso2.carbon.commons:org.wso2.carbon.logging.view.ui (Maven) May 14, 2022
The Reporting Addon for CUBA Platform has Persistent XSS Moderate
CVE-2018-20663 was published for com.haulmont.cuba:cuba-web-toolkit (Maven) May 14, 2022
Apache Knox allows impersonation of users Moderate
CVE-2017-5646 was published for org.apache.knox:gateway-provider-identity-assertion-common (Maven) May 13, 2022
Apache Wicket allows attackers to check for third-party libraries Moderate
CVE-2014-0043 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Cuba has a DoS in the File Storage Moderate
CVE-2025-32959 was published for com.haulmont.cuba:cuba-core (Maven) Apr 22, 2025
XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32960 was published for com.haulmont.addon.restapi:restapi-rest-api (Maven) Apr 22, 2025
XSS in the /download Endpoint of the JPA Web API Moderate
CVE-2025-32961 was published for com.haulmont.addon.jpawebapi:jpawebapi-jpawebapi (Maven) Apr 22, 2025
Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title Moderate
CVE-2019-16147 was published for com.liferay:com.liferay.journal.taglib (Maven) May 24, 2022
Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet Moderate
CVE-2020-7934 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API Moderate
CVE-2019-6588 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3986 was published for org.apereo.cas:cas-server-core-configuration-metadata-repository (Maven) Apr 27, 2025
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass Moderate
GHSA-fx44-2wx5-5fvp was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 withdrawn
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability Moderate
CVE-2025-32970 was published for org.xwiki.platform:xwiki-platform-wysiwyg-api (Maven) Apr 29, 2025
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Credited to NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database