GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
64 advisories
Keycloak vulnerable to impersonation via logout token exchange
Severity: Low. CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven), Apr 17, 2024.
Access Control Bypass in Spring Security
Severity: Critical. CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven), Jul 19, 2023.
Keycloak's admin API allows low privilege users to use administrative functions
Severity: High. CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven), Jun 11, 2024.
PowerJob incorrect access control vulnerability
Severity: High. CVE-2023-36106 was published for tech.powerjob:powerjob (Maven), Aug 17, 2023.
SaToken privilege escalation vulnerability
Severity: Critical. CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven), Oct 25, 2023.
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Severity: Moderate. CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven), May 15, 2024.
apollo-portal has potential unauthorized access issue
Severity: Moderate. CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven), Aug 20, 2024.
Apache HugeGraph-Server: Command execution in gremlin
Severity: Critical. CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven), Apr 22, 2024.
Improper Access Control in Apache Shiro
Severity: Critical. CVE-2016-4437 was published for org.apache.shiro:shiro-core (Maven), May 14, 2022.
Apache Tomcat Improper Access Control vulnerability
Severity: Critical. CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven), May 13, 2022.
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Severity: High. CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven), Feb 20, 2024.
Improper Access Control in Apache Tomcat
Severity: High. CVE-2016-0714 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022.
Improper Access Control in Apache Tomcat
Severity: High. CVE-2016-5388 was published for org.apache.tomcat:tomcat-catalina (Maven), May 13, 2022.
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Severity: High. CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven), Feb 7, 2024.
Sandbox escape in Artemis Java Test Sandbox
Severity: High. CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven), Jan 19, 2024.
Apache Tomcat does not follow ServletSecurity annotations
Severity: Moderate. CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven), May 17, 2022.
Improper Access Control in SLF4J
Severity: Critical. CVE-2018-8088 was published for org.slf4j:slf4j-ext (Maven), May 13, 2022.
Apache Struts2 Broken Access Control Vulnerability
Severity: Moderate. CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven), May 17, 2022.
Broken access control in Silverpeas
Severity: Moderate. CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven), Dec 13, 2023.
Improper Access Control in Apache CXF
Severity: Moderate. CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven), May 13, 2022.
Broken access control in Silverpeas
Severity: Moderate. CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven), Dec 13, 2023.
Broken access control in Silverpeas
Severity: Moderate. CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven), Dec 13, 2023.
Broken access control in Silverpeas
Severity: Low. CVE-2023-47320 was published for org.silverpeas.core:silverpeas-core-war (Maven), Dec 13, 2023.
Missing permission check in Jenkins Build Failure Analyzer Plugin
Severity: Moderate. CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven), May 24, 2022.
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Severity: Critical. CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven), Aug 23, 2023.