GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Undertow Denial of Service vulnerability
Moderate
CVE-2023-1973
was published
for
io.undertow:undertow-core
(Maven)
Nov 7, 2024
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
Apache CXF Denial of Service vulnerability in JOSE
Moderate
CVE-2024-32007
was published
for
org.apache.cxf:cxf-rt-rs-security-jose
(Maven)
Jul 19, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate
CVE-2023-6717
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Moderate
CVE-2024-31867
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin: Denial of service with invalid notebook name
Moderate
CVE-2024-31862
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate
CVE-2024-23634
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
Improper Input Validation vulnerability in Apache Hop Engine
Moderate
CVE-2024-24683
was published
for
org.apache.hop:hop
(Maven)
Mar 19, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Apache James MIME4J improper input validation vulnerability
Moderate
CVE-2024-21742
was published
for
org.apache.james:apache-mime4j-core
(Maven)
Feb 27, 2024
WSO2 API Manager allows attackers to change the API rating
Moderate
CVE-2023-6835
was published
for
org.wso2.carbon.apimgt:forum
(Maven)
Dec 15, 2023
OpenNMS Cross-site Scripting vulnerability
Moderate
CVE-2023-40314
was published
for
org.opennms:opennms-webapp
(Maven)
Nov 17, 2023
Eclipse Glassfish remote code execution issue
Moderate
CVE-2023-5763
was published
for
org.glassfish.main.orb:orb-connector
(Maven)
Nov 3, 2023
Eclipse Parsson Denial of Service vulnerability
Moderate
CVE-2023-4043
was published
for
org.eclipse.parsson:project
(Maven)
Nov 3, 2023
Apache Tomcat Improper Input Validation vulnerability
Moderate
CVE-2023-45648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Apache Commons Compress denial of service vulnerability
Moderate
CVE-2023-42503
was published
for
org.apache.commons:commons-compress
(Maven)
Sep 14, 2023
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Moderate
CVE-2023-37948
was published
for
org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute
(Maven)
Jul 12, 2023
Apache Zeppelin Improper Input Validation vulnerability
Moderate
CVE-2021-28655
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Jul 6, 2023
Apache Any23 vulnerable to excessive memory usage
Moderate
CVE-2023-34150
was published
for
org.apache.any23:apache-any23
(Maven)
Jul 5, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate
CVE-2022-44644
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
ProTip!
Advisories are also available from the
GraphQL API