GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
5,293 advisories
Filter by severity
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Infinispan vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2025-0736
was published
for
org.infinispan:infinispan-parent
(Maven)
Jan 28, 2025
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Moderate
CVE-2024-25151
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42498
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42496
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Apache Ranger UI vulnerable to Server Side Request Forgery
Critical
CVE-2024-45479
was published
for
org.apache.ranger:ranger
(Maven)
Jan 22, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
Low
CVE-2025-24783
was published
for
org.apache.cocoon:cocoon-forms-impl
(Maven)
Jan 27, 2025
Apache Solr vulnerable to Execution with Unnecessary Privileges
High
CVE-2025-24814
was published
for
org.apache.solr:solr-core
(Maven)
Jan 27, 2025
Apache Solr Relative Path Traversal vulnerability
Moderate
CVE-2024-52012
was published
for
org.apache.solr:solr-core
(Maven)
Jan 27, 2025
Apache Tomcat - Authentication Bypass
Critical
CVE-2024-52316
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Nov 18, 2024
Apache Tomcat Request and/or response mix-up
Moderate
CVE-2024-52317
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 18, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
High
CVE-2024-52807
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Moderate
CVE-2025-24363
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 2, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Moderate
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks
Moderate
CVE-2023-32988
was published
for
org.jenkins-ci.plugins:azure-vm-agents
(Maven)
May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
ProTip!
Advisories are also available from the
GraphQL API