Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,512 advisories

Loading
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Moderate
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph binary-1024
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys Low
CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) Mar 19, 2025
Liferay Portal and Liferay DXP Reveals Data via Forms Moderate
CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 20, 2025
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Moderate
CVE-2025-27867 was published for org.apache.felix:org.apache.felix.http.webconsoleplugin (Maven) Mar 12, 2025
FitNesse Cross-site Scripting vulnerability Moderate
CVE-2024-28128 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
SQL injection in JeecgBoot High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
Apache Oozie Cross-Site Scripting (XSS) Moderate
CVE-2025-26796 was published for org.apache.oozie:oozie-core (Maven) Mar 22, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
daltonking90
WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly.security:wildfly-elytron (Maven) Mar 25, 2025
OpenDaylight SFC Denial of Service (DoS) High
CVE-2025-29313 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) Mar 24, 2025
OpenDaylight SFC Insecure Shiro Cookie Configuration High
CVE-2025-29314 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) Mar 24, 2025
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request Critical
CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) Mar 24, 2025
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint Low
CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) Mar 27, 2025
Apache Kylin Code Injection via JDBC Configuration Alteration Low
CVE-2025-30067 was published for org.apache.kylin:kylin (Maven) Mar 27, 2025
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability High
CVE-2023-49566 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis arbitrary file deletion vulnerability High
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Jenkins MQ Notifier Plugin exposes sensitive information in build logs Moderate
CVE-2024-28154 was published for com.sonymobile.jenkins.plugins.mq:mq-notifier (Maven) Mar 6, 2024
Narayana deadlock via multiple join requests sent to LRA Coordinator Moderate
CVE-2024-8447 was published for org.jboss.narayana.rts:lra-coordinator-jar (Maven) Jan 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database