Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,791
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,995
NuGet
720
pip
3,789
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,906 advisories

Loading
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+ High
GHSA-7cjh-xx4r-qh3f was published for io.sentry:sentry-android (Maven) Jun 20, 2025
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan AdamKorcz
olperr1 rolnico
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Apache Tomcat - DoS in multipart upload High
CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for org.apache.commons:commons-fileupload2-core (Maven) Jun 16, 2025
ryanmurf
Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025
Liferay Portal does not limit the depth of a GraphQL queries High
CVE-2025-3602 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Jun 16, 2025
XWiki does not require right warnings for XClass definitions High
CVE-2025-49585 was published for org.xwiki.platform:xwiki-platform-security-requiredrights-default (Maven) Jun 13, 2025
XWiki allows remote code execution through preview of XClass changes in AWM editor High
CVE-2025-49586 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 13, 2025
XWiki makes title of inaccessible pages available through the class property values REST API High
CVE-2025-49584 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 13, 2025
XWiki allows remote code execution through default value of wiki macro wiki-type parameters High
CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025
XWiki's required right warnings for macros are incomplete High
CVE-2025-49582 was published for org.xwiki.platform:xwiki-platform-rendering-macro-cache (Maven) Jun 13, 2025
XWiki allows privilege escalation through link refactoring High
CVE-2025-49580 was published for org.xwiki.platform:xwiki-platform-refactoring-default (Maven) Jun 13, 2025
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration High
CVE-2025-49146 was published for org.postgresql:postgresql (Maven) Jun 11, 2025
jawj
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx High
GHSA-68cf-j696-wvv9 was published for org.geoserver:gs-wfs (Maven) Jun 10, 2025
felixmaechtle nils-loose
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
GeoServer Infinite Loop Vulnerability in Jiffle process High
CVE-2025-30145 was published for org.geoserver.extension:gs-wps-core (Maven) Jun 10, 2025
sikeoka
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database