GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,714
Erlang: 34
GitHub Actions: 28
Go: 2,301
Maven: 5,000+
npm: 3,942
NuGet: 711
pip: 3,711
Pub: 12
RubyGems: 920
Rust: 960
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
5,576 advisories
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form
Moderate • CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) • Apr 2, 2025

jooby-pac4j: deserialization of untrusted data
High • CVE-2025-31129 was published for io.jooby:jooby-pac4j (Maven) • Apr 1, 2025

Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability
Moderate • CVE-2025-30177 was published for org.apache.camel:camel-undertow (Maven) • Apr 1, 2025

Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
Critical • CVE-2025-30065 was published for org.apache.parquet:parquet-avro (Maven) • Apr 1, 2025

Apache Pinot Vulnerable to Authentication Bypass
Critical • CVE-2024-56325 was published for org.apache.pinot:pinot (Maven) • Apr 1, 2025

Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type
Low • CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) • Apr 1, 2025

Netty QUIC hash collision DoS attack
Moderate • CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) • Mar 31, 2025

Solon Vulnerable to Path Traversal
Moderate • CVE-2025-2961 was published for org.noear:solon-view (Maven) • Mar 31, 2025

Infinispan Potential Out of Memory Error via REST Compare API Buffer API
Moderate • CVE-2024-6875 was published for org.infinispan:infinispan-query (Maven) • Mar 28, 2025

Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Moderate • GHSA-hp88-hfjw-2hg4 was published for org.jboss.hal:hal-console (Maven) • Mar 28, 2025 • withdrawn

Apache Kylin Code Injection via JDBC Configuration Alteration
Low • CVE-2025-30067 was published for org.apache.kylin:kylin (Maven) • Mar 27, 2025

Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint
Low • CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) • Mar 27, 2025

WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack
Moderate • CVE-2024-12369 was published for org.wildfly.security:wildfly-elytron (Maven) • Mar 25, 2025

Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache
Moderate • CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) • Mar 25, 2025

OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request
Critical • CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) • Mar 24, 2025

OpenDaylight SFC Insecure Shiro Cookie Configuration
High • CVE-2025-29314 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) • Mar 24, 2025

OpenDaylight SFC Denial of Service (DoS)
High • CVE-2025-29313 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) • Mar 24, 2025

Spring Security Vulnerable to Authorization Bypass via Security Annotations
Moderate • CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) • Mar 24, 2025

Apache Commons VFS Has Relative Path Traversal Vulnerability
High • CVE-2025-27553 was published for org.apache.commons:commons-vfs2 (Maven) • Mar 23, 2025

Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor
Moderate • CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) • Mar 23, 2025

aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument
Moderate • CVE-2025-2622 was published for com.aizuda:snail-job (Maven) • Mar 22, 2025

Apache Oozie Cross-Site Scripting (XSS)
Moderate • CVE-2025-26796 was published for org.apache.oozie:oozie-core (Maven) • Mar 22, 2025

Liferay Portal and Liferay DXP Reveals Data via Forms
Moderate • CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) • Mar 20, 2025

Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect
Moderate • CVE-2025-27888 was published for org.apache.druid:druid (Maven) • Mar 20, 2025

H2O Vulnerable to Arbitrary File Overwrite
High • CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) • Mar 20, 2025

ProTip! Advisories are also available from the GraphQL API