GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,747
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
5,250 advisories
Filter by severity
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Jan 24, 2023
Field-level security issue with .keyword fields in OpenSearch
Moderate
CVE-2023-23613
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Jan 24, 2023
Server-Side Forgery Request can be activated unmarshalling with XStream
Moderate
CVE-2020-26258
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
Insecure Temporary File in RESTEasy
Moderate
CVE-2023-0482
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Jan 15, 2025
Duplicate Advisory: Insecure Temporary File in RESTEasy
Moderate
GHSA-jrmh-v64j-mjm9
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Feb 18, 2023
•
withdrawn
Silverpeas Core Cross-site Scripting vulnerability
Moderate
CVE-2024-39031
was published
for
org.silverpeas.core:silverpeas-core-rs
(Maven)
Jul 9, 2024
Silverpeas Core vulnerable to Cross Site Scripting
Moderate
CVE-2024-29392
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
May 22, 2024
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
High
CVE-2017-7561
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 13, 2022
Privilege escalation in XXL-Job
High
CVE-2023-33779
was published
for
com.xuxueli:xxl-job
(Maven)
May 26, 2023
Wildfly HAL Console Cross-Site Scripting
Moderate
CVE-2025-23366
was published
for
org.jboss.hal:hal-console
(Maven)
Jan 14, 2025
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing
Critical
CVE-2025-23025
was published
for
org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui
(Maven)
Jan 14, 2025
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability
Moderate
CVE-2024-45627
was published
for
org.apache.linkis:linkis-metadata-query-service-jdbc
(Maven)
Jan 14, 2025
Denial of Service in Keycloak Server via Security Headers
Moderate
CVE-2024-11734
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Jan 13, 2025
Keycloak allows unrestricted admin use of system and environment variables
Moderate
CVE-2024-11736
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Jan 13, 2025
jte's HTML templates containing Javascript template strings are subject to XSS
Moderate
CVE-2025-23026
was published
for
gg.jte:jte
(Maven)
Jan 13, 2025
android-gif-drawable vulerable to denial of service due to unrestricted comment length
High
CVE-2022-23435
was published
for
pl.droidsonroids.gif:android-gif-drawable
(Maven)
Jan 20, 2022
android-gif-drawable Double Free vulnerability
High
CVE-2019-11932
was published
for
pl.droidsonroids.gif:android-gif-drawable
(Maven)
May 24, 2022
Spring MVC controller vulnerable to a DoS attack
Moderate
CVE-2024-38828
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 18, 2024
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 2, 2024
Apache Hadoop allows local user to gain root privileges
High
CVE-2023-26031
was published
for
org.apache.hadoop:hadoop-yarn-project
(Maven)
Nov 16, 2023
Spring Framework Path Traversal vulnerability
High
CVE-2024-38819
was published
for
org.springframework:spring-webflux
(Maven)
Dec 19, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Critical
CVE-2024-31996
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Critical
CVE-2024-31465
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Moderate
CVE-2024-31464
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API