Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,790
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,994
NuGet
720
pip
3,783
Pub
12
RubyGems
927
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,906 advisories

Loading
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
poc-effectiveness
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton High
CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) May 24, 2022 withdrawn
nhakmiller
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for org.apache.commons:commons-fileupload2-core (Maven) Jun 16, 2025
ryanmurf
Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server High
CVE-2024-51504 was published for org.apache.zookeeper:zookeeper (Maven) Nov 7, 2024
ferdlestier
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar
Liferay Portal and Liferay DXP insecure default configuration High
CVE-2021-33321 was published for com.liferay.portal:com.liferay.portal.impl (Maven) May 24, 2022
Liferay Portal and Liferay DXP autosaves form data for other users to see High
CVE-2021-33323 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use High
CVE-2021-33322 was published for com.liferay.portal:com.liferay.portal.impl (Maven) May 24, 2022
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Arbitrary file read vulnerability in Jenkins Log Command Plugin High
CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) Jan 24, 2024
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 19, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+ High
GHSA-7cjh-xx4r-qh3f was published for io.sentry:sentry-android (Maven) Jun 20, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan AdamKorcz
olperr1 rolnico
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
Alkacon OpenCMS CSV Injection via New User module High
CVE-2019-11819 was published for org.opencms:opencms-core (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database