GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,361 advisories
Filter by severity
Apache Zeppelin: Denial of service with invalid notebook name
Moderate
CVE-2024-31862
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page
Moderate
CVE-2021-28656
was published
for
org.apache.zeppelin:zeppelin-web
(Maven)
Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
Bonita cross-site scripting vulnerability
Moderate
CVE-2024-27609
was published
for
org.bonitasoft.console:bonita-web-server
(Maven)
Apr 1, 2024
Elasticsearch Uncaught Exception leading to crash
Moderate
CVE-2024-23449
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 29, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23821
was published
for
org.geoserver:gs-gwc
(Maven)
Mar 20, 2024
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23819
was published
for
org.geoserver.extension:gs-mapml
(Maven)
Mar 20, 2024
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23818
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23643
was published
for
org.geoserver:gs-gwc-rest
(Maven)
Mar 20, 2024
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23642
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23640
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate
CVE-2024-23634
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Moderate
CVE-2023-51445
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
Cross-Site Request Forgery in Apache Wicket
Moderate
CVE-2024-27439
was published
for
org.apache.wicket:wicket
(Maven)
Mar 19, 2024
ProTip!
Advisories are also available from the
GraphQL API