GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
1,665 advisories
Advisory | Severity | Identifier | Package (ecosystem) | Published
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save | High | CVE-2023-49379 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete | High | CVE-2023-49380 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update | High | CVE-2023-49377 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/form/save | High | CVE-2023-49378 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS | High | CVE-2023-49373 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS | High | CVE-2023-49376 | com.jfinal:jfinal (Maven) | Dec 5, 2023
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability | High | CVE-2023-41835 | org.apache.struts:struts2-core (Maven) | Dec 5, 2023
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data | High | CVE-2023-6481 | ch.qos.logback:logback-core (Maven) | Dec 4, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE | High | CVE-2023-49735 | org.apache.tiles:tiles-core (Maven) | Dec 1, 2023
Jenkins MATLAB Plugin cross-site request forgery vulnerability | High | CVE-2023-49655 | org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023
Jenkins MATLAB Plugin missing permission checks | High | CVE-2023-49654 | org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023
Jenkins MATLAB Plugin XML External Entity vulnerability | High | CVE-2023-49656 | org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023
logback serialization vulnerability | High | CVE-2023-6378 | ch.qos.logback:logback-classic (Maven) | Nov 29, 2023
ureport arbitrary file read vulnerability | High | CVE-2023-48848 | com.bstek.ureport:ureport2-core (Maven) | Nov 28, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability | High | CVE-2022-41678 | org.apache.activemq:apache-activemq (Maven) | Nov 28, 2023
Apache Tomcat Improper Input Validation vulnerability | High | CVE-2023-46589 | org.apache.tomcat.embed:tomcat-embed-core (Maven) | Nov 28, 2023
Spring Framework vulnerable to denial of service | High | CVE-2023-34053 | org.springframework:spring-webmvc (Maven) | Nov 28, 2023
Reactor Netty HTTP Server denial of service vulnerability | High | CVE-2023-34054 | io.projectreactor.netty:reactor-netty-core (Maven) | Nov 28, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt | High | CVE-2023-49145 | org.apache.nifi:nifi-jolt-transform-json-ui (Maven) | Nov 28, 2023
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year | High | GHSA-r68h-jhhj-9jvm | org.owasp.esapi:esapi (Maven) | Nov 27, 2023
Apache DolphinScheduler sensitive information disclosure | High | CVE-2023-48796 | org.apache.dolphinscheduler:dolphinscheduler (Maven) | Nov 24, 2023
APM Java Agent Local Privilege Escalation issue | High | CVE-2021-37942 | co.elastic.apm:apm-agent-parent (Maven) | Nov 22, 2023
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries | High | CVE-2023-48293 | org.xwiki.contrib:xwiki-application-admintools (Maven) | Nov 20, 2023
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service | High | CVE-2023-48241 | org.xwiki.platform:xwiki-platform-search-solr-query (Maven) | Nov 20, 2023
Authenticated Rundeck users can view or delete jobs they do not have authorization for. | High | CVE-2023-48222 | org.rundeck:rundeck (Maven) | Nov 16, 2023
ProTip! Advisories are also available from the GraphQL API.