GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
5,308 advisories
Filter by severity
Apache James vulnerable to denial of service through JMAP HTML to text conversion
High
CVE-2024-45626
was published
for
org.apache.james:james-server-jmap-draft
(Maven)
Feb 6, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low
CVE-2024-56512
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 28, 2024
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context
High
CVE-2024-32114
was published
for
org.apache.activemq:apache-activemq
(Maven)
May 2, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
High
CVE-2025-24970
was published
for
io.netty:netty-handler
(Maven)
Feb 10, 2025
Apache Felix Webconsole: XSS in services console
Moderate
CVE-2025-25247
was published
for
org.apache.felix:org.apache.felix.webconsole
(Maven)
Feb 10, 2025
SQL injection in JeecgBoot
High
CVE-2024-57606
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Feb 8, 2025
XML External Entity (XXE) Injection in JDOM
High
CVE-2021-33813
was published
for
org.jdom:jdom
(Maven)
Jul 27, 2021
Jenkins discloses project names via fingerprints
High
CVE-2015-5317
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Connection leaking on idle timeout when TCP congested
High
CVE-2024-22201
was published
for
org.eclipse.jetty.http2:http2-common
(Maven)
Feb 26, 2024
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
Improper Input Validation in Apache Struts
High
CVE-2006-1547
was published
for
struts:struts
(Maven)
May 1, 2022
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
High
CVE-2017-9805
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Moderate
CVE-2025-24860
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 4, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials
Moderate
CVE-2024-27137
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 4, 2025
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
High
CVE-2024-12397
was published
for
io.quarkus.http:quarkus-http-core
(Maven)
Dec 12, 2024
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High
CVE-2023-29508
was published
for
org.xwiki.platform:xwiki-platform-livedata-macro
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
Critical
CVE-2023-29507
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
RuoYi has insecure permissions
Moderate
CVE-2024-57438
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
Apache James vulnerable to denial of service through the use of IMAP literals
High
CVE-2024-37358
was published
for
org.apache.james.protocols:protocols-imap
(Maven)
Feb 6, 2025
ProTip!
Advisories are also available from the
GraphQL API