GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Ant Media Server does not properly authorize non-administrative API calls
Moderate
CVE-2024-3462
was published
for
io.antmedia:ant-media-server
(Maven)
May 14, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25421
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Velocity execution without script right through tree macro
High
CVE-2023-50732
was published
for
org.xwiki.platform:xwiki-platform-index-tree-macro
(Maven)
Dec 19, 2023
XWiki Platform privilege escalation from script right to programming right through title displayer
Critical
CVE-2023-46244
was published
for
org.xwiki.platform:xwiki-platform-display-api
(Maven)
Nov 7, 2023
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions
High
CVE-2023-4853
was published
for
io.quarkus:quarkus-csrf-reactive
(Maven)
Sep 20, 2023
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Moderate
CVE-2023-39154
was published
for
com.qualys.plugins:qualys-was
(Maven)
Jul 26, 2023
Paths contain matrix variables bypass decorators
High
CVE-2023-38493
was published
for
com.linecorp.armeria:armeria
(Maven)
Jul 25, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets
High
CVE-2023-34035
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 18, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability
Moderate
CVE-2023-37579
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Jul 12, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
High
CVE-2023-30428
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
Apache Pulsar Incorrect Authorization vulnerability
Critical
CVE-2023-30429
was published
for
org.apache.pulsar:pulsar
(Maven)
Jul 12, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
High
CVE-2023-35166
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Jun 20, 2023
ProTip!
Advisories are also available from the
GraphQL API