GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,871 advisories

Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Alkacon OpenCMS XSS via Mercury template Moderate
CVE-2023-6379 was published for org.opencms:opencms-core (Maven) Dec 13, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49486 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49485 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49487 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Elasticsearch-hadoop Unsafe Deserialization Moderate
CVE-2023-46674 was published for org.elasticsearch:elasticsearch-hadoop (Maven) Dec 5, 2023
OpenSearch StackOverflow vulnerability Moderate
GHSA-6g3j-p5g6-992f was published for org.opensearch:opensearch (Maven) Dec 1, 2023
Eclipse IDE XXE in eclipse.platform Moderate
CVE-2023-4218 was published for org.eclipse.jdt:org.eclipse.jdt.ui (Maven) Nov 30, 2023
jukzi dbwiddis
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49673 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Spring Boot Actuator denial of service vulnerability Moderate
CVE-2023-34055 was published for org.springframework.boot:spring-boot-actuator (Maven) Nov 28, 2023
sealbenb
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year Moderate
GHSA-r68h-jhhj-9jvm was published for org.owasp.esapi:esapi (Maven) Nov 27, 2023
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-49068 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 27, 2023
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-team ebickle
mpihelgas
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Moderate
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
MarkLee131
Directory Traversal in jeecg-boot Moderate
CVE-2023-47467 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 22, 2023
Elasticsearch Improper Handling of Exceptional Conditions Moderate
CVE-2023-46673 was published for org.elasticsearch:elasticsearch (Maven) Nov 22, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40814 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40817 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023