GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
64 advisories
Filter by severity
apollo-portal has potential unauthorized access issue
Moderate
CVE-2024-43397
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Aug 20, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Broken access control in Silverpeas
Moderate
CVE-2023-47321
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Broken access control in Silverpeas
Moderate
CVE-2023-47327
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Broken access control in Silverpeas
Moderate
CVE-2023-47325
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Broken access control in Silverpeas
Low
CVE-2023-47320
was published
for
org.silverpeas.core:silverpeas-core-war
(Maven)
Dec 13, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Moderate
CVE-2023-36820
was published
for
io.micronaut.security:micronaut-security-oauth2
(Maven)
Oct 5, 2023
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Critical
CVE-2023-40573
was published
for
com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
(Maven)
Aug 23, 2023
PowerJob incorrect access control vulnerability
High
CVE-2023-36106
was published
for
tech.powerjob:powerjob
(Maven)
Aug 17, 2023
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
PlantUML Improper Access Control vulnerability
Moderate
CVE-2023-3431
was published
for
net.sourceforge.plantuml:plantuml-mit
(Maven)
Jun 27, 2023
Liferay portal unauthorized access to objects via OAuth 2 scope
Moderate
CVE-2023-33946
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Liferay portal has unauthorized access to object definition via search
Moderate
CVE-2023-33947
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
Moderate
CVE-2023-29513
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 20, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
Moderate
CVE-2023-29922
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Moderate
CVE-2023-28675
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Moderate
CVE-2023-28673
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
ProTip!
Advisories are also available from the
GraphQL API