Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,779 advisories

Loading
Arbitrary file read vulnerability in Jenkins Log Command Plugin High
CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) Jan 24, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin High
CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) Jan 24, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI High
CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
Arbitrary file read vulnerability in Git server Plugin can lead to RCE High
CVE-2024-23899 was published for org.jenkins-ci.plugins:git-server (Maven) Jan 24, 2024
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23683 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Exposure of sensitive information in ClickHouse High
CVE-2024-23689 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 19, 2024
Code injection in mingSoft MCMS High
CVE-2023-51282 was published for net.mingsoft:ms-mcms (Maven) Jan 16, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
XWiki has no right protection on rollback action High
CVE-2024-21648 was published for org.xwiki.platform:xwiki-platform (Maven) Jan 8, 2024
Apache Axis Improper Input Validation vulnerability High
CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024
ebickle
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users High
CVE-2023-49299 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Dec 30, 2023
Mingsoft MCMS SQL injection High
CVE-2023-50578 was published for net.mingsoft:ms-mcms (Maven) Dec 30, 2023
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions High
CVE-2023-3629 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions High
CVE-2023-3628 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
easy-rules-mvel vulnerable to remote code execution High
CVE-2023-50571 was published for org.jeasy:easy-rules-mvel (Maven) Dec 29, 2023
Infinispan circular object references causes out of memory errors High
CVE-2023-5236 was published for org.infinispan.protostream:protostream (Maven) Dec 28, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method High
CVE-2023-51080 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
henrikplate
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function High
CVE-2023-51075 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database