Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

93 advisories

Loading
Apache Syncope Improper Input Validation vulnerability Moderate
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Apache CXF Denial of Service vulnerability in JOSE Moderate
CVE-2024-32007 was published for org.apache.cxf:cxf-rt-rs-security-jose (Maven) Jul 19, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache Zeppelin: Denial of service with invalid notebook name Moderate
CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability Moderate
CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API Moderate
CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
sikeoka
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
SMTP smuggling in Apache James Moderate
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
WSO2 API Manager allows attackers to change the API rating Moderate
CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven) Dec 15, 2023
OpenNMS Cross-site Scripting vulnerability Moderate
CVE-2023-40314 was published for org.opennms:opennms-webapp (Maven) Nov 17, 2023
Eclipse Parsson Denial of Service vulnerability Moderate
CVE-2023-4043 was published for org.eclipse.parsson:project (Maven) Nov 3, 2023
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 mpihelgas
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation Moderate
CVE-2023-37948 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute (Maven) Jul 12, 2023
Apache Zeppelin Improper Input Validation vulnerability Moderate
CVE-2021-28655 was published for org.apache.zeppelin:zeppelin (Maven) Jul 6, 2023
Apache Any23 vulnerable to excessive memory usage Moderate
CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) Jul 5, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API