GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,492 advisories
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Moderate | CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) | Feb 4, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials
Moderate | CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) | Feb 4, 2025
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Moderate | CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) | Nov 19, 2024
Denial of Service attack on windows app using netty
Moderate | CVE-2024-47535 was published for io.netty:netty-common (Maven) | Nov 12, 2024
Apache James MIME4J improper input validation vulnerability
Moderate | CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) | Feb 27, 2024
Denial of Service attack on windows app using Netty
Moderate | CVE-2025-25193 was published for io.netty:netty-common (Maven) | Feb 10, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
Moderate | CVE-2024-46910 was published for org.apache.atlas:apache-atlas (Maven) | Feb 13, 2025
Apache StreamPark: maven build params could trigger remote command execution
Moderate | CVE-2024-29737 was published for org.apache.streampark:streampark (Maven) | Jul 17, 2024
Apache StreamPark: Unchecked maven build params could trigger remote command execution
Moderate | CVE-2023-52291 was published for org.apache.streampark:streampark (Maven) | Jul 17, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate | CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Jan 19, 2024
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Moderate | CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) | Nov 23, 2023
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Moderate | CVE-2023-31417 was published for org.elasticsearch:elasticsearch (Maven) | Oct 26, 2023
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Moderate | CVE-2023-44483 was published for org.apache.santuario:xmlsec (Maven) | Oct 20, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate | CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Oct 10, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate | CVE-2023-42794 was published for org.apache.tomcat:tomcat-coyote (Maven) | Oct 10, 2023
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Moderate | CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) | Feb 19, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate | CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) | Feb 19, 2024
Apache Commons Compress denial of service vulnerability
Moderate | CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) | Sep 14, 2023
Apache Batik information disclosure vulnerability
Moderate | CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) | Aug 22, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate | CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) | Aug 19, 2023
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate | CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) | Mar 1, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate | CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) | Mar 6, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate | CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) | Mar 12, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate | CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) | Mar 13, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate | CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API