GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,915 advisories
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
High
GHSA-2p76-gc46-5fvc
was published
for
org.geonetwork-opensource:gn-web-app
(Maven)
Jun 10, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer Infinite Loop Vulnerability in Jiffle process
High
CVE-2025-30145
was published
for
org.geoserver.extension:gs-wps-core
(Maven)
Jun 10, 2025
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
High
CVE-2024-29198
was published
for
org.geoserver.web:gs-app
(Maven)
Jun 10, 2025
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
High
CVE-2025-41235
was published
for
org.springframework.cloud:spring-cloud-gateway-server
(Maven)
May 30, 2025
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit
High
CVE-2025-1948
was published
for
org.eclipse.jetty.http2:jetty-http2-common
(Maven)
May 8, 2025
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
High
CVE-2024-13009
was published
for
org.eclipse.jetty:jetty-server
(Maven)
May 8, 2025
Graylog Allows Session Takeover via Insufficient HTML Sanitization
High
CVE-2025-46827
was published
for
org.graylog2:graylog2-server
(Maven)
May 7, 2025
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser
High
GHSA-q9q2-3ppx-mwqf
was published
for
org.graylog2:graylog2-server
(Maven)
May 7, 2025
Keycloak hostname verification
High
CVE-2025-3501
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 30, 2025
ProTip!
Advisories are also available from the
GraphQL API