GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework:spring-beans
(Maven)
Dec 2, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Moderate
CVE-2024-39900
was published
for
org.opensearch.plugin:opensearch-reports-scheduler
(Maven)
Jul 18, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
DataEase API interface has IDOR vulnerability
High
CVE-2023-32310
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jun 2, 2023
Authorization Bypass in Liferay Portal
Moderate
CVE-2022-42129
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate
CVE-2019-16546
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate
CVE-2020-11009
was published
for
org.rundeck:rundeck
(Maven)
Apr 29, 2020
ProTip!
Advisories are also available from the
GraphQL API