GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,392 advisories
Filter by severity
Cross-Site Request Forgery in Apache Wicket
Moderate
CVE-2024-27439
was published
for
org.apache.wicket:wicket
(Maven)
Mar 19, 2024
Improper Input Validation vulnerability in Apache Hop Engine
Moderate
CVE-2024-24683
was published
for
org.apache.hop:hop
(Maven)
Mar 19, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-2215
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins AppSpider Plugin missing permission checks
Moderate
CVE-2024-28155
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-28158
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin Path traversal vulnerability
Moderate
CVE-2024-28151
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Moderate
CVE-2024-28152
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Mar 6, 2024
Jenkins MQ Notifier Plugin exposes sensitive information in build logs
Moderate
CVE-2024-28154
was published
for
com.sonymobile.jenkins.plugins.mq:mq-notifier
(Maven)
Mar 6, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
Apache Archiva Incorrect Authorization vulnerability
Moderate
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Moderate
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
jose4j denial of service via specifically crafted JWE
Moderate
CVE-2023-51775
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 29, 2024
Apache James MIME4J improper input validation vulnerability
Moderate
CVE-2024-21742
was published
for
org.apache.james:apache-mime4j-core
(Maven)
Feb 27, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
SMTP smuggling in Apache James
Moderate
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
ProTip!
Advisories are also available from the
GraphQL API