Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,710 advisories

Loading
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
fawind
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
SQL Injection in Apache InLong High
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) Mar 10, 2023
jw123023
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
stianst
Jeecg boot arbitrary file read vulnerability High
CVE-2023-41578 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
Keycloak SAML signature validation flaw High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024
Undertow vulnerable to Race Condition High
CVE-2024-7885 was published for io.undertow:undertow-core (Maven) Aug 21, 2024
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
Apache Seata Deserialization of Untrusted Data vulnerability High
CVE-2024-22399 was published for org.apache.seata:seata-core (Maven) Sep 16, 2024
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webmvc (Maven) Sep 13, 2024
Malayke
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for crate (Maven) Jan 30, 2024
Tu0Laj1
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database