Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,419 advisories

Loading
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Jenkins exposes multi-line secrets through error messages Moderate
CVE-2024-47803 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Liferay Portal denial-of-service vulnerability Moderate
CVE-2024-25144 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin Moderate
CVE-2023-41934 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) Sep 6, 2023
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability Moderate
CVE-2024-3653 was published for io.undertow:undertow-core (Maven) Jul 9, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit Moderate
CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) Sep 11, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions Moderate
CVE-2024-46978 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
floerer
Keycloak Services has a potential bypass of brute force protection Moderate
CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2024
Duplicate Advisory: Keycloak has a brute force login protection bypass Moderate
GHSA-8wm9-24qg-m5qj was published for org.keycloak:keycloak-services (Maven) Sep 3, 2024 withdrawn
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Keycloak Denial of Service vulnerability Moderate
CVE-2023-6841 was published for org.keycloak:keycloak-core (Maven) Sep 10, 2024
abstractj
Infinispan circular object references causes out of memory errors Moderate
CVE-2023-5236 was published for org.infinispan.protostream:protostream (Maven) Dec 28, 2023
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions Moderate
CVE-2023-3629 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions Moderate
CVE-2023-3628 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3155 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3152 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database