Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,502 advisories

Loading
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Eclipse Jetty has a denial of service vulnerability on DosFilter Moderate
CVE-2024-9823 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Oct 14, 2024
Eclipse Jetty URI parsing of invalid authority Moderate
CVE-2024-6763 was published for org.eclipse.jetty:jetty-http (Maven) Oct 14, 2024
zer0yu
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission Moderate
CVE-2025-27622 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission Moderate
CVE-2025-27623 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins cross-site request forgery (CSRF) vulnerability Moderate
CVE-2025-27624 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins Open Redirect vulnerability Moderate
CVE-2025-27625 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Prototype pollution in json-pointer Moderate
CVE-2020-7709 was published for json-pointer (Maven) May 10, 2021
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
WSO2 incorrect authorization vulnerability Moderate
CVE-2024-2321 was published for org.wso2.am:am-parent (Maven) Feb 27, 2025
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled Moderate
CVE-2023-28668 was published for org.jenkins-ci.plugins:role-strategy (Maven) Apr 2, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Solon Path Traversal Moderate
CVE-2025-1584 was published for org.noear:solon-web-staticfiles (Maven) Feb 23, 2025
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest navzen2000
henrikplate JensBoening1337 jfposton
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
weddige
Keycloak allows Incorrect Assignment of an Organization to a User Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
pjfanning
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b vmulas
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Moderate
CVE-2024-46910 was published for org.apache.atlas:apache-atlas (Maven) Feb 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database