GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,718 advisories
Filter by severity
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
High
CVE-2023-51770
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2024-1635
was published
for
io.undertow:undertow-core
(Maven)
Feb 20, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
XXL-JOB vulnerable to Server-Side Request Forgery
High
CVE-2024-24113
was published
for
com.xuxueli:xxl-job
(Maven)
Feb 8, 2024
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Liferay Portal denial of service (memory consumption)
High
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal
High
CVE-2024-23673
was published
for
org.apache.sling:org.apache.sling.servlets.resolver
(Maven)
Feb 6, 2024
mingSoft MCMS File Upload vulnerability
High
CVE-2024-22567
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 5, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
crate
(Maven)
Jan 30, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
High
CVE-2024-23899
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
Jan 24, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
High
CVE-2024-23905
was published
for
io.jenkins.plugins:redhat-dependency-analytics
(Maven)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API