GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,944 advisories
Filter by severity
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
MS Basic Cross-site Scripting vulnerability
Moderate
CVE-2024-33748
was published
for
net.mingsoft:ms-basic
(Maven)
May 7, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
High
CVE-2016-4977
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Open Redirect in Spring Security OAuth
Moderate
CVE-2019-11269
was published
for
org.springframework.security.oauth:spring-security-oauth
(Maven)
Jun 13, 2019
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
XXL-JOB contains a Command execution vulnerability in background tasks
Critical
CVE-2022-40929
was published
for
com.xuxueli:xxl-job-core
(Maven)
Sep 29, 2022
Jenkins Git server Plugin does not perform a permission check
Moderate
CVE-2024-34146
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
May 2, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
quarkus-core leaks local environment variables from Quarkus namespace during application's build
High
CVE-2024-2700
was published
for
io.quarkus:quarkus-core
(Maven)
Apr 4, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Moderate
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
ProTip!
Advisories are also available from the
GraphQL API