Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

5,265 advisories

Loading
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
Apache Wicket: An attacker can intentionally trigger a memory leak Critical
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
Cross site scripting in Silverpeas Core Moderate
CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
Apache CXF: Denial of Service vulnerability with temporary files Moderate
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input Moderate
CVE-2025-23366 was published for org.jboss.hal:hal-console (Maven) Jan 16, 2025
Insecure Temporary File in RESTEasy Moderate
CVE-2023-0482 was published for org.jboss.resteasy:resteasy-core (Maven) Jan 15, 2025
Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting Moderate
GHSA-5wjw-h8x5-v65m was published for org.jboss.hal:hal-console (Maven) Jan 14, 2025 withdrawn
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Moderate
CVE-2024-45627 was published for org.apache.linkis:linkis-metadata-query-service-jdbc (Maven) Jan 14, 2025
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing Critical
CVE-2025-23025 was published for org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui (Maven) Jan 14, 2025
Denial of Service in Keycloak Server via Security Headers Moderate
CVE-2024-11734 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
Keycloak allows unrestricted admin use of system and environment variables Moderate
CVE-2024-11736 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
shawkins
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Petersoj
Apache OpenMeetings vulnerable to Deserialization of Untrusted Data Critical
CVE-2024-54676 was published for org.apache.openmeetings:openmeetings-parent (Maven) Jan 8, 2025
Narayana deadlock via multiple join requests sent to LRA Coordinator Moderate
CVE-2024-8447 was published for org.jboss.narayana.rts:lra-coordinator-jar (Maven) Jan 2, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database