GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,764 advisories
Filter by severity
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
Querydsl SQL/HQL injection
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin
High
CVE-2024-52552
was published
for
org.jenkins-ci.plugins:authorize-project
(Maven)
Nov 13, 2024
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
High
CVE-2024-52554
was published
for
io.jenkins.plugins:shared-library-version-override
(Maven)
Nov 13, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
Denial of Service attack on windows app using netty
High
CVE-2024-47535
was published
for
io.netty:netty-common
(Maven)
Nov 12, 2024
powertac-server XML External Entity vulnerability
High
CVE-2024-51135
was published
for
org.powertac:server-interface
(Maven)
Nov 11, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
High
CVE-2024-52007
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Nov 8, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High
GHSA-82j3-hf72-7x93
was published
for
com.reposilite:reposilite-backend
(Maven)
Nov 4, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure
High
CVE-2024-51127
was published
for
org.hornetq:hornetq-core-client
(Maven)
Nov 4, 2024
Apache Kylin Session Fixation vulnerability
High
CVE-2024-23590
was published
for
org.apache.kylin:kylin
(Maven)
Nov 4, 2024
JeecgBoot SQL Injection vulnerability
High
CVE-2024-48307
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Oct 31, 2024
OpenRefine has a path traversal in LoadLanguageCommand
High
CVE-2024-49760
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
High
CVE-2024-47881
was published
for
org.openrefine:database
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
ProTip!
Advisories are also available from the
GraphQL API