GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,726
Composer 4,023
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,156
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,701

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

710 advisories

Filter by severity

Sort by

Least recently updated

XWiki Platform: Remote code execution from edit in multilingual wikis via translations Critical

CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 10, 2024

XWiki Platform: Remote code execution as guest via DatabaseSearch Critical

CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024

XWiki Platform: Privilege escalation (PR) from user registration through PDFClass Critical

CVE-2024-31981 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024

XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet Critical

CVE-2024-31465 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024

Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical

CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024

SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical

CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024

Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical

CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024

SAML authentication bypass due to missing validation on unsigned SAML messages Critical

GHSA-hx5q-v6pj-533r was published for com.linecorp.centraldogma:centraldogma-server-auth-saml (Maven) Feb 26, 2024

Armeria SAML authentication bypass due to missing validation on unsigned SAML messages Critical

CVE-2024-1735 was published for com.linecorp.armeria:armeria-saml (Maven) Feb 26, 2024

org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical

CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024

Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical

CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting Critical

CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical

CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting Critical

CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical

CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical

CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical

CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical

CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical

CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical

CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting Critical

CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024

Duplicate Advisory: SQL injection in pgjdbc Critical

GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 • withdrawn

Liferay Portal stored cross-site scripting (XSS) vulnerability Critical

CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 7, 2024

Central Dogma Authentication Bypass Vulnerability via Session Leakage Critical

CVE-2024-1143 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024

Beetl Server-Side Template Injection vulnerability Critical

CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024

Previous 1 2 3 4 5 … 28 29 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

710 advisories