Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,367
Maven
5,000+
npm
3,986
NuGet
720
pip
3,778
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
Apache Commons Improper Access Control vulnerability High
CVE-2025-48734 was published for commons-beanutils:commons-beanutils (Maven) May 28, 2025
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
BRCC Incorrect Access Control vulnerability Critical
CVE-2025-45616 was published for com.baidu.mapp:brcc-core (Maven) May 5, 2025
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request Critical
CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) Mar 24, 2025
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Mar 10, 2025
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User Moderate
GHSA-rq4w-cjrr-h8w8 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025 withdrawn
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches Critical
GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) Jan 30, 2025
slubwama mseaton
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Privilege escalation in Liferay Portal Moderate
CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Low
CVE-2023-47320 was published for org.silverpeas.core:silverpeas-core-war (Maven) Dec 13, 2023
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud Moderate
CVE-2023-36820 was published for io.micronaut.security:micronaut-security-oauth2 (Maven) Oct 5, 2023
tommyli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database