GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,765 advisories
Filter by severity
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
High
CVE-2024-27894
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
High
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
High
CVE-2024-28153
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28156
was published
for
org.jenkins-ci.plugins:build-monitor-plugin
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28157
was published
for
org.jenkins-ci.plugins:gitbucket
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability
High
CVE-2024-28150
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
High
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
Missing permission checks on Hazelcast client protocol
High
CVE-2023-45859
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 27, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
Connection leaking on idle timeout when TCP congested
High
CVE-2024-22201
was published
for
org.eclipse.jetty.http2:http2-common
(Maven)
Feb 26, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
High
CVE-2023-51770
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2024-1635
was published
for
io.undertow:undertow-core
(Maven)
Feb 20, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Hazelcast Platform permission checking in CSV File Source connector
High
CVE-2023-45860
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 16, 2024
ProTip!
Advisories are also available from the
GraphQL API