GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
5,308 advisories
Filter by severity
Snowflake JDBC allows an untrusted search path on Windows
High
CVE-2025-24789
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Jan 29, 2025
RuoYi has insecure permissions
Moderate
CVE-2024-57438
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
High
CVE-2024-57436
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges
Moderate
CVE-2024-57439
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource
Moderate
CVE-2024-29869
was published
for
org.apache.hive:hive-exec
(Maven)
Jan 29, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
Infinispan vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2025-0736
was published
for
org.infinispan:infinispan-parent
(Maven)
Jan 28, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
Low
CVE-2025-24783
was published
for
org.apache.cocoon:cocoon-forms-impl
(Maven)
Jan 27, 2025
Apache Solr Relative Path Traversal vulnerability
Moderate
CVE-2024-52012
was published
for
org.apache.solr:solr-core
(Maven)
Jan 27, 2025
Apache Solr vulnerable to Execution with Unnecessary Privileges
High
CVE-2025-24814
was published
for
org.apache.solr:solr-core
(Maven)
Jan 27, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Moderate
CVE-2025-24363
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
High
CVE-2024-52807
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
Apache Wicket: An attacker can intentionally trigger a memory leak
Critical
CVE-2024-53299
was published
for
org.apache.wicket:wicket-core
(Maven)
Jan 23, 2025
Cross site scripting in Silverpeas Core
Moderate
CVE-2024-56923
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin
Moderate
CVE-2025-24401
was published
for
io.jenkins.plugins:folder-auth
(Maven)
Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin
Moderate
CVE-2025-24402
was published
for
org.jenkins-ci.plugins:service-fabric
(Maven)
Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin
Moderate
CVE-2025-24403
was published
for
org.jenkins-ci.plugins:service-fabric
(Maven)
Jan 22, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin
High
CVE-2025-24399
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
Moderate
CVE-2025-24397
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL
High
CVE-2025-24398
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin
Moderate
CVE-2025-24400
was published
for
com.axis.jenkins.plugins.eiffel:eiffel-broadcaster
(Maven)
Jan 22, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
Moderate
CVE-2025-0604
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jan 22, 2025
Apache Ranger UI vulnerable to Server Side Request Forgery
Critical
CVE-2024-45479
was published
for
org.apache.ranger:ranger
(Maven)
Jan 22, 2025
Elasticsearch allocation of resources without limits or throttling leads to crash
Moderate
CVE-2024-43709
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jan 21, 2025
Apache CXF: Denial of Service vulnerability with temporary files
High
CVE-2025-23184
was published
for
org.apache.cxf:cxf-core
(Maven)
Jan 21, 2025
ProTip!
Advisories are also available from the
GraphQL API