GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,707 advisories
Filter by severity
Keycloak SAML signature validation flaw
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
High
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webmvc
(Maven)
Sep 13, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
Missing hostname validation in Kroxylicious
High
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
Undertow vulnerable to Race Condition
High
CVE-2024-7885
was published
for
io.undertow:undertow-core
(Maven)
Aug 21, 2024
Apache SeaTunnel SQL Injection vulnerability
High
CVE-2023-49198
was published
for
org.apache.seatunnel:seatunnel
(Maven)
Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Apache MINA SSHD: integrity check bypass
High
CVE-2024-41909
was published
for
org.apache.sshd:sshd-common
(Maven)
Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution
High
CVE-2024-29831
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability
High
CVE-2024-30188
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Reposilite Arbitrary File Read vulnerability
High
CVE-2024-36117
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 5, 2024
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High
CVE-2024-36116
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Apache Inlong Code Injection vulnerability
High
CVE-2024-36268
was published
for
org.apache.inlong:tubemq-core
(Maven)
Aug 2, 2024
Apache SeaTunnel Web Authentication vulnerability
High
CVE-2023-48396
was published
for
org.apache.seatunnel:seatunnel-web
(Maven)
Jul 30, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
CVE-2024-40094
was published
for
com.graphql-java:graphql-java
(Maven)
Jul 30, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
ProTip!
Advisories are also available from the
GraphQL API