GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

2,416 advisories

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate • CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) • Sep 30, 2024

Eclipse Glassfish improperly handles http parameters
Moderate • CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) • Sep 30, 2024

Spring Framework DoS via conditional HTTP request
Moderate • CVE-2024-38809 was published for org.springframework:spring-web (Maven) • Sep 24, 2024

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Moderate • CVE-2023-41934 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) • Sep 6, 2023

Apache Submarine Commons Utils has a hard-coded secret
Moderate • CVE-2024-36264 was published for apache-submarine (Maven) • Jun 12, 2024

Undertow Missing Release of Memory after Effective Lifetime vulnerability
Moderate • CVE-2024-3653 was published for io.undertow:undertow-core (Maven) • Jul 9, 2024

Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate • CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) • Sep 11, 2024

org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate • CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) • Sep 18, 2024

org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Moderate • CVE-2024-46978 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) • Sep 18, 2024

Keycloak Services has a potential bypass of brute force protection
Moderate • CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) • Sep 17, 2024

Duplicate Advisory: Keycloak has a brute force login protection bypass
Moderate • GHSA-8wm9-24qg-m5qj was published for org.keycloak:keycloak-services (Maven) • Sep 3, 2024 • withdrawn

OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate • CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) • Sep 16, 2024

Keycloak Denial of Service vulnerability
Moderate • CVE-2023-6841 was published for org.keycloak:keycloak-core (Maven) • Sep 10, 2024

Infinispan circular object references causes out of memory errors
Moderate • CVE-2023-5236 was published for org.infinispan.protostream:protostream (Maven) • Dec 28, 2023

OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate • CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) • Sep 16, 2024

Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
Moderate • CVE-2023-3629 was published for org.infinispan:infinispan-server-rest (Maven) • Dec 30, 2023

Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
Moderate • CVE-2023-3628 was published for org.infinispan:infinispan-server-rest (Maven) • Dec 30, 2023

Cross-site Scripting in Apache Atlas
Moderate • CVE-2017-3155 was published for org.apache.atlas:atlas-common (Maven) • May 17, 2022

Cross-site Scripting in Apache Atlas
Moderate • CVE-2017-3152 was published for org.apache.atlas:atlas-common (Maven) • May 17, 2022

Improper certificate management in AWS IoT Device SDK v2
Moderate • CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) • Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate • CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) • Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate • CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) • Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate • CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) • Nov 24, 2021

Incorrect Default Permissions in Apache DolphinScheduler
Moderate • CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) • Feb 9, 2022

DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Moderate • GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) • Jul 22, 2024

ProTip! Advisories are also available from the GraphQL API.