Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,871 advisories

Loading
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) Mar 20, 2024
sikeoka
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) Mar 20, 2024
sikeoka
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) Mar 20, 2024
sikeoka
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
sikeoka
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API Moderate
CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
sikeoka
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API Moderate
CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
thomsmith VertigoM
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
FitNesse Cross-site Scripting vulnerability Moderate
CVE-2024-28128 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default Moderate
CVE-2024-28161 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting Moderate
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check Moderate
CVE-2024-2216 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation Moderate
CVE-2024-28162 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024
Jenkins AppSpider Plugin missing permission checks Moderate
CVE-2024-28155 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-28158 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database