Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,698 advisories

Loading
Undertow vulnerable to Race Condition High
CVE-2024-7885 was published for io.undertow:undertow-core (Maven) Aug 21, 2024
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum schanzen
milux levpachmanov
Missing hostname validation in Kroxylicious High
CVE-2024-8285 was published for io.kroxylicious:kroxylicious-runtime (Maven) Aug 31, 2024
MySQL Connectors takeover vulnerability High
CVE-2023-22102 was published for com.mysql:mysql-connector-j (Maven) Oct 18, 2023
d0ougal
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
Spring Framework URL Parsing with Host Validation High
CVE-2024-22262 was published for org.springframework:spring-web (Maven) Apr 16, 2024
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users High
CVE-2023-49299 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Dec 30, 2023
Apache Inlong Code Injection vulnerability High
CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) Aug 2, 2024
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability High
CVE-2024-30188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution High
CVE-2024-29831 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API