GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,871 advisories

keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Chetven
Insertion of Sensitive Information into Log File in OWASP DependencyCheck Moderate
CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) Jan 20, 2024
r3kumar
Hard-coded credentials in org.folio:mod-remote-storage Moderate
CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024
JavaScript execution via malicious molfiles (XSS) Moderate
CVE-2024-0758 was published for de.ipb-halle:molecularfaces (Maven) Jan 19, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Stored Cross Site Scripting in beetl-bbs Moderate
CVE-2024-22491 was published for com.ibeetl:beetl (Maven) Jan 16, 2024
Apache Solr allows read access to host environment variables Moderate
CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) Jan 15, 2024
Apache Shiro vulnerable to path traversal Moderate
CVE-2023-46749 was published for org.apache.shiro:shiro-core (Maven) Jan 15, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22493 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22492 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability Moderate
CVE-2023-6148 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
IPAddress Infinite Loop vulnerability (Disputed) Moderate
CVE-2023-50570 was published for com.github.seancfoley:ipaddress (Maven) Dec 29, 2023 withdrawn
mike-jumper
JLine vulnerable to out of memory error Moderate
CVE-2023-50572 was published for org.jline:jline-parent (Maven) Dec 29, 2023
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
json-path Out-of-bounds Write vulnerability Moderate
CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven) Dec 27, 2023
phrabec SunBK201
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method Moderate
CVE-2023-51079 was published for org.mvel:mvel2 (Maven) Dec 27, 2023
OpenCRX Cross-site Scripting vulnerability Moderate
CVE-2023-27150 was published for org.opencrx:opencrx-core (Maven) Dec 26, 2023
WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability Moderate
CVE-2023-6911 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 22, 2023
Grails data binding causes JVM crash and/or other denial of service Moderate
CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Duplicate Advisory: Keycloak Open Redirect vulnerability Moderate
GHSA-3p75-q5cc-qmj7 was published for org.keycloak:keycloak-parent (Maven) Dec 19, 2023 withdrawn
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven) Dec 18, 2023
lauritzh