Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,467
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,832
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
907
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,398 advisories

Loading
Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Critical
CVE-2024-56180 was published for org.apache.eventmesh:eventmesh-meta-raft (Maven) Feb 14, 2025
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J High
CVE-2015-0226 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
r3kumar
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
XWiki Platform allows remote code execution as guest via SolrSearchMacros request Critical
CVE-2025-24893 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Feb 20, 2025
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
weddige
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest navzen2000
henrikplate JensBoening1337 jfposton
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine High
CVE-2025-24970 was published for io.netty:netty-handler (Maven) Feb 10, 2025
johnou
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
fawind jamiejackson
Solon Path Traversal Moderate
CVE-2025-1584 was published for org.noear:solon-web-staticfiles (Maven) Feb 23, 2025
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled Moderate
CVE-2023-28668 was published for org.jenkins-ci.plugins:role-strategy (Maven) Apr 2, 2023
Hippo4j privilege escalation issue High
CVE-2023-27094 was published for cn.hippo4j:hippo4j-all (Maven) Mar 23, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Xuxueli xxl-job allows attacker to obtain sensitive information via the pageList parameter High
CVE-2023-27087 was published for com.xuxueli:xxl-job (Maven) Mar 21, 2023
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro High
CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar
Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance High
CVE-2025-1247 was published for io.quarkus:quarkus-rest (Maven) Feb 13, 2025
tbroyer
WSO2 incorrect authorization vulnerability Moderate
CVE-2024-2321 was published for org.wso2.am:am-parent (Maven) Feb 27, 2025
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database