Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,871 advisories

Loading
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash Moderate
CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) Jun 4, 2024
OpenCMS Cross-Site Scripting vulnerability Moderate
CVE-2024-5520 was published for org.opencms:opencms-core (Maven) May 30, 2024
Kwik does not discard unused encryption keys Moderate
CVE-2024-22588 was published for tech.kwik:kwik (Maven) May 24, 2024
Eclipse Ditto vulnerable to Cross-site Scripting Moderate
CVE-2024-5165 was published for org.eclipse.ditto:ditto (Maven) May 23, 2024
Silverpeas Core vulnerable to Cross Site Scripting Moderate
CVE-2024-29392 was published for org.silverpeas.core:silverpeas-core (Maven) May 22, 2024
binary-1024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov amita-seal
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b
MS Basic Cross-site Scripting vulnerability Moderate
CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) May 7, 2024
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Moderate
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph binary-1024
hmolsen
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Wildfly vulnerable to denial of service Moderate
CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
Jenkins Git server Plugin does not perform a permission check Moderate
CVE-2024-34146 was published for org.jenkins-ci.plugins:git-server (Maven) May 2, 2024
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721 Moderate
CVE-2024-34148 was published for org.jenkins-ci.plugins:partial-release-manager (Maven) May 2, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service Moderate
CVE-2024-1726 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Apr 25, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak vulnerable to log Injection during WebAuthn authentication or registration Moderate
CVE-2023-6484 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Keycloak Authorization Bypass vulnerability Moderate
CVE-2023-6544 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database