Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,746
Maven
5,000+
npm
4,346
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,163 advisories

Loading
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
fawind
Credited to fawind
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature High
CVE-2025-58360 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
xbow-security jodygarnett
Credited to xbow-security and jodygarnett
Default CORS config allows any origin with credentials Critical
CVE-2021-39185 was published for org.http4s:http4s-server_2.10 (Maven) Sep 2, 2021
bplommer
Credited to bplommer
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client_2.12 (Maven) Sep 22, 2021
Http4s improperly parses User-Agent and Server headers High
CVE-2023-22465 was published for org.http4s:http4s-core (Maven) Jan 6, 2023
Improper Input Validation in Apache Spark High
CVE-2018-11804 was published for org.apache.spark:spark-core_2.10 (Maven) May 14, 2022
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka_2.11 (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka_2.10 (Maven) Jun 10, 2025
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java Moderate
CVE-2025-14518 was published for tech.powerjob:powerjob-common (Maven) Dec 11, 2025
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection High
CVE-2025-66474 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Dec 10, 2025
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis High
CVE-2025-66473 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Dec 10, 2025
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr
Credited to 4rdr
Improper Memory Cleanup in the Okta Java SDK Moderate
CVE-2025-66033 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
pyckle
Credited to pyckle
Race condition in the Okta Java SDK High
CVE-2025-67505 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials Moderate
CVE-2025-67642 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Dec 10, 2025
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Moderate
CVE-2025-67643 was published for org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) Dec 10, 2025
Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability High
CVE-2025-67641 was published for io.jenkins.plugins:coverage (Maven) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67638 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin Moderate
CVE-2025-67640 was published for org.jenkins-ci.plugins:git-client (Maven) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67637 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins is missing a permission check on password fields Moderate
CVE-2025-67636 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins has a Denial of service vulnerability in HTTP-based CLI High
CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) Dec 10, 2025
Apache Struts has a Denial of Service vulnerability High
CVE-2025-66675 was published for org.apache.struts:struts2-core (Maven) Dec 10, 2025
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions Low
CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven) Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database