GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
5,237 advisories
Filter by severity
Amazon Redshift JDBC Driver vulnerable to SQL Injection
High
CVE-2024-12744
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Dec 26, 2024
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
Apache HugeGraph-Server: Fixed JWT Token (Secret)
Moderate
CVE-2024-43441
was published
for
org.apache.hugegraph:hugegraph-server
(Maven)
Dec 24, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
High
CVE-2024-23945
was published
for
org.apache.hive:hive-service
(Maven)
Dec 23, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 20, 2024
Spring Framework Path Traversal vulnerability
High
CVE-2024-38819
was published
for
org.springframework:spring-webflux
(Maven)
Dec 19, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Low
CVE-2024-56128
was published
for
org.apache.kafka:kafka
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Moderate
CVE-2023-37940
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 18, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2024-10973
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-12539
was published
for
org.elasticsearch:elasticsearch
(Maven)
Dec 17, 2024
Databricks JDBC Driver Command Injection vulnerability
High
CVE-2024-49194
was published
for
com.databricks:databricks-jdbc
(Maven)
Dec 17, 2024
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 17, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 17, 2024
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
Ucum-java has an XXE vulnerability in XML parsing
High
CVE-2024-55887
was published
for
org.fhir:ucum
(Maven)
Dec 13, 2024
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
High
CVE-2024-55663
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical
CVE-2024-55877
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Dec 12, 2024
XWiki allows RCE from script right in configurable sections
Critical
CVE-2024-55879
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 12, 2024
ProTip!
Advisories are also available from the
GraphQL API