GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,718 advisories
Filter by severity
Insecure Default Initialization of Resource vulnerability in Apache Solr
High
CVE-2024-45217
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Session fixation in Elytron SAML adapters
High
GHSA-5rxp-2rhr-qwqv
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
GHSA-xgfv-xpx8-qhcr
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
High
CVE-2024-47554
was published
for
commons-io:commons-io
(Maven)
Oct 3, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Keycloak Open Redirect vulnerability
High
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
Keycloak SAML signature validation flaw
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
High
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webmvc
(Maven)
Sep 13, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
Missing hostname validation in Kroxylicious
High
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
Undertow vulnerable to Race Condition
High
CVE-2024-7885
was published
for
io.undertow:undertow-core
(Maven)
Aug 21, 2024
Apache SeaTunnel SQL Injection vulnerability
High
CVE-2023-49198
was published
for
org.apache.seatunnel:seatunnel
(Maven)
Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Apache MINA SSHD: integrity check bypass
High
CVE-2024-41909
was published
for
org.apache.sshd:sshd-common
(Maven)
Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability
High
CVE-2024-30188
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution
High
CVE-2024-29831
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
ProTip!
Advisories are also available from the
GraphQL API