GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,932 advisories
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High | CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) | Dec 1, 2023

Jenkins MATLAB Plugin missing permission checks
High | CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023

Jenkins MATLAB Plugin cross-site request forgery vulnerability
High | CVE-2023-49655 was published for org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023

Jenkins MATLAB Plugin XML External Entity vulnerability
High | CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven) | Nov 29, 2023

logback serialization vulnerability
High | CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) | Nov 29, 2023

Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High | CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) | Nov 28, 2023

Apache Tomcat Improper Input Validation vulnerability
High | CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Nov 28, 2023

ureport arbitrary file read vulnerability
High | CVE-2023-48848 was published for com.bstek.ureport:ureport2-core (Maven) | Nov 28, 2023

Reactor Netty HTTP Server denial of service vulnerability
High | CVE-2023-34054 was published for io.projectreactor.netty:reactor-netty-core (Maven) | Nov 28, 2023

Spring Framework vulnerable to denial of service
High | CVE-2023-34053 was published for org.springframework:spring-webmvc (Maven) | Nov 28, 2023

Improper Neutralization of Input in Advanced User Interface for Jolt
High | CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) | Nov 28, 2023

Apache DolphinScheduler sensitive information disclosure
High | CVE-2023-48796 was published for apache-dolphinscheduler (Maven) | Nov 24, 2023

APM Java Agent Local Privilege Escalation issue
High | CVE-2021-37942 was published for co.elastic.apm:apm-agent-parent (Maven) | Nov 22, 2023

Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
High | CVE-2023-48293 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) | Nov 20, 2023

Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
High | CVE-2023-48241 was published for org.xwiki.platform:xwiki-platform-search-solr-query (Maven) | Nov 20, 2023

Authenticated Rundeck users can view or delete jobs they do not have authorization for.
High | CVE-2023-48222 was published for org.rundeck:rundeck (Maven) | Nov 16, 2023

Apache Hadoop allows local user to gain root privileges
High | CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) | Nov 16, 2023

xxl-job-admin vulnerable to Remote Code Execution
High | CVE-2023-48089 was published for com.xuxueli:xxl-job-admin (Maven) | Nov 15, 2023

Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
High | CVE-2023-5720 was published for io.quarkus:quarkus-project (Maven) | Nov 15, 2023

Zip slip in mleap
High | CVE-2023-5245 was published for ml.combust.mleap:mleap-runtime_2.12 (Maven) | Nov 15, 2023

In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High | CVE-2023-34062 was published for io.projectreactor.netty:reactor-netty-http (Maven) | Nov 15, 2023

Java: DoS Vulnerability in JSON-JAVA
High | CVE-2023-5072 was published for org.json:json (Maven) | Nov 14, 2023

Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High | CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) | Nov 8, 2023

XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
High | CVE-2023-46243 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) | Nov 7, 2023

Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High | CVE-2023-31579 was published for top.tangyh.basic:lamp-core (Maven) | Nov 3, 2023
ProTip! Advisories are also available from the GraphQL API