GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,655 advisories
Filter by severity
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/update
High
CVE-2023-49381
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/save
High
CVE-2023-49383
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
High
CVE-2023-49448
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
High
CVE-2023-49382
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
High
CVE-2023-49446
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/save
High
CVE-2023-49396
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus
High
CVE-2023-49397
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
High
CVE-2023-49398
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
High
CVE-2023-49447
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
High
CVE-2023-49395
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/form/save
High
CVE-2023-49378
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete
High
CVE-2023-49380
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update
High
CVE-2023-49377
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49372
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save
High
CVE-2023-49379
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update
High
CVE-2023-49375
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/slide/update
High
CVE-2023-49374
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49376
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49373
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
High
CVE-2023-41835
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 5, 2023
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
High
CVE-2023-6481
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 4, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
Jenkins MATLAB Plugin missing permission checks
High
CVE-2023-49654
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
ProTip!
Advisories are also available from the
GraphQL API