GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,652 advisories
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
google-oauth-java-client improperly verifies cryptographic signature
High
CVE-2021-22573
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Apr 9, 2024
Eclipse Kura LogServlet vulnerability
High
CVE-2024-3046
was published
for
org.eclipse.kura:org.eclipse.kura.web2
(Maven)
Apr 9, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build
High
CVE-2024-2700
was published
for
io.quarkus:quarkus-core
(Maven)
Apr 4, 2024
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
High
CVE-2023-51444
was published
for
org.geoserver:gs-platform
(Maven)
Mar 20, 2024
GeoServer log file path traversal vulnerability
High
CVE-2023-41877
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
ProTip!
Advisories are also available from the
GraphQL API