GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
5,218 advisories
Filter by severity
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
High
CVE-2024-55663
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical
CVE-2024-55877
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Dec 12, 2024
XWiki allows RCE from script right in configurable sections
Critical
CVE-2024-55879
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 12, 2024
undertow: information leakage via HTTP/2 request header reuse
High
CVE-2024-4109
was published
for
io.undertow:undertow-core
(Maven)
Dec 12, 2024
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
High
CVE-2024-12397
was published
for
io.quarkus.http:quarkus-http-core
(Maven)
Dec 12, 2024
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
CVE-2024-12369
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Apache Ozone: Improper authentication when generating S3 secrets
High
CVE-2024-45106
was published
for
org.apache.ozone:ozone
(Maven)
Dec 3, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework:spring-beans
(Maven)
Dec 2, 2024
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs
High
CVE-2024-35371
was published
for
io.antmedia:ant-media-server
(Maven)
Nov 29, 2024
Querydsl vulnerable to HQL injection trough orderBy
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 27, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Moderate
CVE-2024-54004
was published
for
aendter.jenkins.plugins:filesystem-list-parameter-plugin
(Maven)
Nov 27, 2024
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API