GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,444
Erlang: 29
GitHub Actions: 16
Go: 1,668
Maven: 4,928
npm: 3,458
NuGet: 595
pip: 2,876
Pub: 10
RubyGems: 823
Rust: 766
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
4,929 advisories
Netty's HttpPostRequestDecoder can OOM
Moderate. CVE-2024-29025 was published for io.netty:netty-codec-http (Maven), Mar 25, 2024

XNIO denial of service vulnerability
High. CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven), Mar 22, 2024

Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate. CVE-2024-29133 was published for org.apache.commons:commons-configuration2 (Maven), Mar 21, 2024

Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate. CVE-2024-29131 was published for org.apache.commons:commons-configuration2 (Maven), Mar 21, 2024

SQL injection in Folio Spring Module Core
Moderate. CVE-2022-4963 was published for org.folio:spring-module-core (Maven), Mar 21, 2024

Improper Authentication in Spring Authorization Server
Moderate. CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven), Mar 20, 2024

GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven), Mar 20, 2024

GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven), Mar 20, 2024

GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23818 was published for org.geoserver:gs-wms (Maven), Mar 20, 2024

GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven), Mar 20, 2024

GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23642 was published for org.geoserver:gs-wms (Maven), Mar 20, 2024

GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Moderate. CVE-2024-23640 was published for org.geoserver:gs-main (Maven), Mar 20, 2024

GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate. CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven), Mar 20, 2024

Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Moderate. CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven), Mar 20, 2024

Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
High. CVE-2023-51444 was published for org.geoserver:gs-platform (Maven), Mar 20, 2024

GeoServer log file path traversal vulnerability
High. CVE-2023-41877 was published for org.geoserver:gs-main (Maven), Mar 20, 2024

Cross-Site Request Forgery in Apache Wicket
Moderate. CVE-2024-27439 was published for org.apache.wicket:wicket (Maven), Mar 19, 2024

Improper Input Validation vulnerability in Apache Hop Engine
Moderate. CVE-2024-24683 was published for org.apache.hop:hop (Maven), Mar 19, 2024

Path traversal in flaskcode Devan-Kerman ARRP
High. CVE-2024-24042 was published for net.devtech:arrp (Maven), Mar 19, 2024

Erroneous authentication pass in Spring Security
High. CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven), Mar 18, 2024

Spring Framework URL Parsing with Host Validation Vulnerability
High. CVE-2024-22259 was published for org.springframework:spring-web (Maven), Mar 16, 2024

Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate. CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven), Mar 15, 2024

SSRF vulnerability using the Aegis DataBinding in Apache CXF
Moderate. CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven), Mar 15, 2024

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate. CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven), Mar 13, 2024

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate. CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API