GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
269 advisories
Filter by severity
Keycloak Denial of Service via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Duplicate Advisory: Keycloak DoS via account lockout
Low
GHSA-3hrr-xwvg-hxvr
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
•
withdrawn
Keycloak's improper input validation allows using email as username
Low
CVE-2021-3754
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Low
CVE-2024-56128
was published
for
org.apache.kafka:kafka
(Maven)
Dec 18, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Low
CVE-2018-1000186
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Low
GHSA-6vrw-mpj8-3j59
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Low
CVE-2024-29736
was published
for
org.apache.cxf:cxf-rt-rs-service-description
(Maven)
Jul 19, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Low
CVE-2024-6762
was published
for
org.eclipse.jetty:jetty-servlets
(Maven)
Oct 14, 2024
Jenkins Report Info Plugin Path Traversal vulnerability
Low
CVE-2024-5273
was published
for
org.jenkins-ci.plugins:report-info
(Maven)
May 24, 2024
Ant Media Server does not properly authorize non-administrative API calls
Low
CVE-2024-3462
was published
for
io.antmedia:ant-media-server
(Maven)
May 14, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43498
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Apache Hadoop: Temporary File Local Information Disclosure
Low
CVE-2024-23454
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Sep 25, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Low
CVE-2024-45537
was published
for
org.apache.druid:druid
(Maven)
Sep 17, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low
CVE-2024-45384
was published
for
org.apache.druid.extensions:druid-pac4j
(Maven)
Sep 17, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low
GHSA-58qw-p7qm-5rvh
was published
for
org.eclipse.jetty:jetty-xml
(Maven)
Jul 10, 2023
Jetty's OpenId Revoked authentication allows one request
Low
CVE-2023-41900
was published
for
org.eclipse.jetty:jetty-openid
(Maven)
Sep 15, 2023
ProTip!
Advisories are also available from the
GraphQL API