Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

5,251 advisories

Loading
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input Moderate
CVE-2025-23366 was published for org.jboss.hal:hal-console (Maven) Jan 16, 2025
Insecure Temporary File in RESTEasy Moderate
CVE-2023-0482 was published for org.jboss.resteasy:resteasy-core (Maven) Jan 15, 2025
Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting Moderate
GHSA-5wjw-h8x5-v65m was published for org.jboss.hal:hal-console (Maven) Jan 14, 2025 withdrawn
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Moderate
CVE-2024-45627 was published for org.apache.linkis:linkis-metadata-query-service-jdbc (Maven) Jan 14, 2025
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing Critical
CVE-2025-23025 was published for org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui (Maven) Jan 14, 2025
Denial of Service in Keycloak Server via Security Headers Moderate
CVE-2024-11734 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
Keycloak allows unrestricted admin use of system and environment variables Moderate
CVE-2024-11736 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
shawkins
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Petersoj
Apache OpenMeetings vulnerable to Deserialization of Untrusted Data Critical
CVE-2024-54676 was published for org.apache.openmeetings:openmeetings-parent (Maven) Jan 8, 2025
Narayana deadlock via multiple join requests sent to LRA Coordinator Moderate
CVE-2024-8447 was published for org.jboss.narayana.rts:lra-coordinator-jar (Maven) Jan 2, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
Amazon Redshift JDBC Driver vulnerable to SQL Injection High
CVE-2024-12744 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Dec 26, 2024
alikrubin
Apache MINA Deserialization RCE Vulnerability Critical
CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) Dec 25, 2024
Malayke
Apache HugeGraph-Server: Fixed JWT Token (Secret) Critical
CVE-2024-43441 was published for org.apache.hugegraph:hugegraph-server (Maven) Dec 24, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment Moderate
GHSA-64gp-r758-8pfm was published for org.jboss.hal:hal-console (Maven) Dec 23, 2024
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails High
CVE-2024-23945 was published for org.apache.hive:hive-service (Maven) Dec 23, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-56337 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 20, 2024
greengeko
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
QOS.CH logback-core Expression Language Injection vulnerability Moderate
CVE-2024-12798 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou perexis
GoetzGoerisch pjfanning
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou pjfanning
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka (Maven) Dec 18, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page Moderate
CVE-2023-37940 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 18, 2024
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-12539 was published for org.elasticsearch:elasticsearch (Maven) Dec 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database