GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,763 advisories
Filter by severity
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server
Moderate
CVE-2025-49656
was published
for
org.apache.jena:jena-fuseki
(Maven)
Jul 21, 2025
Keycloak is vulnerable to bad actors escalating privileges through its Fine-Grained Admin Permissions
Moderate
CVE-2025-7784
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 18, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
Moderate
CVE-2024-10031
was published
for
org.glassfish.main.admingui:console-common
(Maven)
Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console
Moderate
CVE-2024-10032
was published
for
org.glassfish.main.admingui:console-cluster-plugin
(Maven)
Jul 16, 2025
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
Moderate
CVE-2024-10029
was published
for
org.glassfish.main.admingui:console-cluster-plugin
(Maven)
Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console
Moderate
CVE-2024-9343
was published
for
org.glassfish.main.admingui:console-common
(Maven)
Jul 16, 2025
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
Moderate
CVE-2024-9342
was published
for
org.glassfish.main.admingui:console-common
(Maven)
Jul 16, 2025
Reactor Netty HTTP is vulnerable to credential leaks during chained redirects
Moderate
CVE-2025-22227
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Jul 16, 2025
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format
Moderate
CVE-2025-53622
was published
for
org.dspace:dspace-api
(Maven)
Jul 15, 2025
DSpace is vulnerable to XML External Entity injection during archive imports
Moderate
CVE-2025-53621
was published
for
org.dspace:dspace-api
(Maven)
Jul 15, 2025
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
Moderate
CVE-2025-48795
was published
for
org.apache.cxf:cxf-core
(Maven)
Jul 15, 2025
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Moderate
CVE-2025-48924
was published
for
commons-lang:commons-lang
(Maven)
Jul 11, 2025
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Moderate
CVE-2025-53864
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Jul 11, 2025
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Moderate
CVE-2025-53506
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Jul 10, 2025
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Moderate
CVE-2025-52434
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Jul 10, 2025
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Moderate
CVE-2025-52520
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Jul 10, 2025
Keycloak vulnerable to phishing attacks through its Review Profile section
Moderate
CVE-2025-7365
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 10, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form
Moderate
CVE-2025-53743
was published
for
org.jenkins-ci.plugins:applitools-eyes
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Moderate
CVE-2025-53677
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Moderate
CVE-2025-53675
was published
for
org.jenkins-ci.plugins:warrior
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53742
was published
for
org.jenkins-ci.plugins:pplitools-eyes
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate
CVE-2025-53676
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Moderate
CVE-2025-53669
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate
CVE-2025-53664
was published
for
com.apica:ApicaLoadtest
(Maven)
Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
Moderate
CVE-2025-53660
was published
for
org.jenkins-ci.plugins:qmetry-test-management
(Maven)
Jul 9, 2025
ProTip!
Advisories are also available from the
GraphQL API