Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,840
Erlang
36
GitHub Actions
33
Go
2,464
Maven
5,000+
npm
4,082
NuGet
723
pip
3,880
Pub
12
RubyGems
943
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,925 advisories

Loading
hippo4j Includes Hard Coded Secret Key in JWT Creation High
CVE-2025-51606 was published for cn.hippo4j:hippo4j-core (Maven) Aug 21, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Liferay Portal Vulnerable to Cross-Site Request Forgery High
CVE-2025-43748 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 13, 2025
snieguu
Apache Seata: Deserialization of untrusted Data in Apache Seata Server High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API High
CVE-2025-54385 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 25, 2025
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High
CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints High
CVE-2024-9408 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build High
CVE-2025-53689 was published for org.apache.jackrabbit:jackrabbit-core (Maven) Jul 14, 2025
Apache Zeppelin exposes server resources to unauthenticated attackers High
CVE-2024-41169 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Jul 12, 2025
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page High
CVE-2025-53658 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+ High
GHSA-7cjh-xx4r-qh3f was published for io.sentry:sentry-android (Maven) Jun 20, 2025
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan AdamKorcz
olperr1 rolnico
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Apache Tomcat - DoS in multipart upload High
CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for commons-fileupload:commons-fileupload (Maven) Jun 16, 2025
ryanmurf
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database