GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,932 advisories

DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 (High)
GHSA-7c2q-5qmr-v76q was published for org.owasp.esapi:esapi (Maven) Oct 27, 2023
Credits: mbektchiev, xeno6696, kwwall

Elasticsearch vulnerable to Uncontrolled Resource Consumption (High)
CVE-2023-31418 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023

XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro (High)
CVE-2023-37912 was published for org.xwiki.platform:xwiki-core-rendering-macro-footnotes (Maven) Oct 25, 2023

org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move (High)
CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven) Oct 25, 2023

Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet (High)
CVE-2023-37909 was published for org.xwiki.platform:xwiki-platform-menu (Maven) Oct 25, 2023

Jenkins Edgewall Trac Plugin vulnerable to Stored XSS (High)
CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) Oct 25, 2023

Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion (High)
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023

Stored XSS vulnerability in Jenkins GitHub Plugin (High)
CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) Oct 25, 2023

SaToken authentication bypass vulnerability (High)
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023

jose4j uses weak cryptographic algorithm (High)
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023

WPS Server Side Request Forgery vulnerability (High)
CVE-2023-43795 was published for org.geoserver.extension:gs-wps-core (Maven) Oct 24, 2023

Yamcs Path Traversal vulnerability (High)
CVE-2023-45277 was published for org.yamcs:yamcs (Maven) Oct 19, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability (High)
CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) Oct 19, 2023

MySQL Connectors takeover vulnerability (High)
CVE-2023-22102 was published for com.mysql:mysql-connector-j (Maven) Oct 18, 2023
Credits: d0ougal, elzebra

OpenSearch uncontrolled resource consumption (High)
GHSA-8wx3-324g-w4qq was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023

SQL Injection in Apache InLong (High)
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023

Duplicate Advisory: Denial of Service in JSON-Java (High)
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 (withdrawn)
Credits: Astralidea

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack (High)
GHSA-xpw8-rcwv-8f8p was published for io.netty:netty-codec-http2 (Maven) Oct 10, 2023
Credits: DuyTran-TomTom

HTTP/2 HPACK integer overflow and buffer allocation (High)
CVE-2023-36478 was published for org.eclipse.jetty.http2:http2-hpack (Maven) Oct 10, 2023
Credits: samalws-tob, kaoudis, smichaels-tob, joakime

ThingsBoard Server-Side Template Injection (High)
CVE-2023-45303 was published for org.thingsboard:thingsboard (Maven) Oct 6, 2023

Quarkus OIDC can leak both ID and access tokens (High)
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023

Presto JDBC Server-Side Request Forgery by nextUri (High)
GHSA-86q5-qcjc-7pv4 was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023

Presto JDBC Server-Side Request Forgery by redirect (High)
GHSA-xm7x-f3w2-4hjm was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023

Apache Avro Java SDK vulnerable to Improper Input Validation (High)
CVE-2023-39410 was published for org.apache.avro:avro (Maven) Sep 29, 2023
Credits: sealonohana

Undertow vulnerable to denial of service (High)
CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) Sep 27, 2023