GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,449 advisories
Filter by severity
Debezium database connector has a script injection vulnerability
Moderate
CVE-2023-1419
was published
for
io.debezium:debezium-connector-mysql
(Maven)
Nov 17, 2024
FitNesse Path Traversal
Moderate
CVE-2024-42499
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
FitNesse Cross-site scripting
Moderate
CVE-2024-39610
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
Missing permission check in Jenkins Script Security Plugin
Moderate
CVE-2024-52549
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 13, 2024
Denial of Service attack on windows app using netty
Moderate
CVE-2024-47535
was published
for
io.netty:netty-common
(Maven)
Nov 12, 2024
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
Undertow Denial of Service vulnerability
Moderate
CVE-2023-1973
was published
for
io.undertow:undertow-core
(Maven)
Nov 7, 2024
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Apache NiFi Cross-site Scripting vulnerability
Moderate
CVE-2024-45477
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Oct 29, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Moderate
GHSA-mpcw-3j5p-p99x
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
Moderate
CVE-2024-47882
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
JetBrains Ktor information disclosure
Moderate
CVE-2024-49580
was published
for
io.ktor:ktor-client-core-jvm
(Maven)
Oct 17, 2024
Eclipse Jetty URI parsing of invalid authority
Moderate
CVE-2024-6763
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Oct 14, 2024
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Moderate
CVE-2024-8184
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 14, 2024
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter
Moderate
CVE-2024-9823
was published
for
org.eclipse.jetty.ee10:jetty-ee10-servlets
(Maven)
Oct 14, 2024
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate
CVE-2024-28168
was published
for
org.apache.xmlgraphics:fop-core
(Maven)
Oct 9, 2024
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
JSON-lib mishandles an unbalanced comment string
Moderate
CVE-2024-47855
was published
for
org.kordamp.json:json-lib-core
(Maven)
Oct 4, 2024
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API