GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,978 advisories
Filter by severity
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Improper escaping in Apache Zeppelin
Moderate
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
Critical
CVE-2023-20873
was published
for
org.springframework.boot:spring-boot-actuator-autoconfigure
(Maven)
Apr 20, 2023
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Eclipse Ditto vulnerable to Cross-site Scripting
Moderate
CVE-2024-5165
was published
for
org.eclipse.ditto:ditto
(Maven)
May 23, 2024
Silverpeas Core vulnerable to Cross Site Scripting
Moderate
CVE-2024-29392
was published
for
org.silverpeas:silverpeas-core
(Maven)
May 22, 2024
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Critical
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
veraPDF has potential XSLT injection vulnerability when using policy files
High
CVE-2024-28109
was published
for
org.verapdf:core
(Maven)
May 20, 2024
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
High
CVE-2023-6837
was published
for
org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework
(Maven)
Dec 15, 2023
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22095
was published
for
org.springframework.amqp:spring-amqp
(Maven)
Dec 1, 2021
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API