GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,390

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

22 advisories

Filter by severity

Sort by

Least recently updated

XWiki programming rights may be inherited by inclusion Critical

CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024

Apache Submarine Server Core Incorrect Authorization vulnerability Critical

CVE-2024-36265 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024

XWiki Platform privilege escalation from script right to programming right through title displayer Critical

CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023

Apache Pulsar Incorrect Authorization vulnerability Critical

CVE-2023-30429 was published for org.apache.pulsar:pulsar (Maven) Jul 12, 2023

Privilege escalation (PR)/RCE from account through class sheet Critical

CVE-2023-32069 was published for org.xwiki.platform:xwiki-platform-test-ui (Maven) May 11, 2023

Spring Security authorization rules can be bypassed via forward or include dispatcher types Critical

CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven) Nov 1, 2022

Pebble Templates protection mechanism bypass can lead to arbitrary code execution Critical

CVE-2022-37767 was published for io.pebbletemplates:pebble (Maven) Sep 13, 2022

Improper Authorization in Apache Shiro Critical

CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical

CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical

CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical

CVE-2021-21691 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical

CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical

CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical

CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022

Sandbox bypass in ontrack Jenkins Plugin Critical

CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022

Authorization bypass in Spring Security Critical

CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022

Keycloak vulnerable to privilege escalation on Token Exchange feature Critical

CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022

Access Control vulnerability within CoreNLP Critical

CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022

Incorrect Authorization in Apache Solr Critical

CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022

Incorrect Authorization in Apache Ozone Critical

CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021

Incorrect Authorization in Apache Solr Critical

CVE-2021-29943 was published for org.apache.solr:solr-parent (Maven) May 10, 2021

Potential session hijack in Apache CXF Critical

CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

22 advisories