GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,778 advisories
Cross-Site Request Forgery in JFinalCMS via /admin/category/update (High)
CVE-2023-49395 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/category/delete (High)
CVE-2023-49398 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/category/save (High)
CVE-2023-49396 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/tag/update (High)
CVE-2023-49377 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/slide/update (High)
CVE-2023-49374 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete (High)
CVE-2023-49380 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS (High)
CVE-2023-49376 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/form/save (High)
CVE-2023-49378 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS (High)
CVE-2023-49373 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS (High)
CVE-2023-49372 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save (High)
CVE-2023-49379 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update (High)
CVE-2023-49375 was published for com.jfinal:jfinal (Maven), Dec 5, 2023

Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability (High)
CVE-2023-41835 was published for org.apache.struts:struts2-core (Maven), Dec 5, 2023

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data (High)
CVE-2023-6481 was published for ch.qos.logback:logback-core (Maven), Dec 4, 2023

Apache Tiles: Unvalidated input may lead to path traversal and XXE (High)
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven), Dec 1, 2023

Jenkins MATLAB Plugin XML External Entity vulnerability (High)
CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven), Nov 29, 2023

Jenkins MATLAB Plugin cross-site request forgery vulnerability (High)
CVE-2023-49655 was published for org.jenkins-ci.plugins:matlab (Maven), Nov 29, 2023

Jenkins MATLAB Plugin missing permission checks (High)
CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven), Nov 29, 2023

logback serialization vulnerability (High)
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven), Nov 29, 2023

Apache ActiveMQ Deserialization of Untrusted Data vulnerability (High)
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven), Nov 28, 2023

Apache Tomcat Improper Input Validation vulnerability (High)
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Nov 28, 2023

ureport arbitrary file read vulnerability (High)
CVE-2023-48848 was published for com.bstek.ureport:ureport2-core (Maven), Nov 28, 2023

Reactor Netty HTTP Server denial of service vulnerability (High)
CVE-2023-34054 was published for io.projectreactor.netty:reactor-netty-core (Maven), Nov 28, 2023

Spring Framework vulnerable to denial of service (High)
CVE-2023-34053 was published for org.springframework:spring-webmvc (Maven), Nov 28, 2023

Improper Neutralization of Input in Advanced User Interface for Jolt (High)
CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven), Nov 28, 2023

ProTip! Advisories are also available from the GraphQL API.