Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,923 advisories

Loading
Path Traversal in Liferay Portal High
CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
oscerd
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Keycloak Potential Variable Reference in Model Storage Services Moderate
CVE-2025-9162 was published for org.keycloak:keycloak-model-storage-services (Maven) Aug 21, 2025
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
Netty's decoders vulnerable to DoS via zip bomb style attack Moderate
CVE-2025-58057 was published for io.netty:netty-codec (Maven) Sep 3, 2025
yawkat
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated Moderate
CVE-2025-58459 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Sep 3, 2025
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Apache DolphinScheduler Incorrect Default Permissions Vulnerability Low
CVE-2024-43166 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 3, 2025
XStream can be used for Remote Code Execution High
CVE-2020-26217 was published for com.thoughtworks.xstream:xstream (Maven) Nov 16, 2020
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
xnox
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 14, 2022
sunSUNQ anlakii
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat High
CVE-2016-8745 was published for org.apache.tomcat:tomcat-util (Maven) May 14, 2022
sunSUNQ anlakii
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 AndrzejBiernacki2010
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika-core (Maven) May 17, 2022
AndrzejBiernacki2010
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
Improper Restriction of XML External Entity Reference in Castor Moderate
CVE-2014-3004 was published for org.castor:castor (Maven) May 13, 2022
AndrzejBiernacki2010
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database