Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,959 advisories

Loading
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Credited to ebickle
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Credited to DarkaMaul
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.struts:struts-tiles (Maven) Dec 1, 2023
ryanmurf
Credited to ryanmurf
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability High
CVE-2023-41835 was published for org.apache.struts:struts2-core (Maven) Dec 5, 2023
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat High
CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Kai5174 sikeoka
jodygarnett
Credited to Kai5174, sikeoka, and jodygarnett
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Credited to puredanger
JDBC Driver for SQL Server has improper input validation issue High
CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) Oct 14, 2025
Fidget-Grep andreasmh
Credited to Fidget-Grep and andreasmh
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page High
CVE-2025-53658 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Apache Zeppelin exposes server resources to unauthenticated attackers High
CVE-2024-41169 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Jul 12, 2025
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build High
CVE-2025-53689 was published for org.apache.jackrabbit:jackrabbit-core (Maven) Jul 14, 2025
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High
CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025
Apache Seata: Deserialization of untrusted Data in Apache Seata Server High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.grpc:grpc-netty-shaded (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL aikebah jjweston if-of
Credited to galbarnahum, AnatBB, YanivRL, aikebah, jjweston, and if-of
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 13, 2025
snieguu
Credited to snieguu
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
Apache DolphinScheduler vulnerable to Alert Script Attack High
CVE-2024-43115 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 9, 2025
Apache Kylin Authentication Bypass Vulnerability High
CVE-2025-61733 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Apache Kylin Files or Directories Accessible to External Parties High
CVE-2025-61734 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability High
CVE-2025-61735 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability High
CVE-2025-30001 was published for org.apache.streampark:streampark (Maven) Oct 10, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system High
CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) Oct 18, 2025
Apache Syncope allows malicious administrators to inject Groovy code High
CVE-2025-57738 was published for org.apache.syncope.core:syncope-core-spring (Maven) Oct 20, 2025
Jenkins SAML Plugin does not implement a replay cache High
CVE-2025-64131 was published for org.jenkins-ci.plugins:saml (Maven) Oct 29, 2025
Jenkins JDepend Plugin vulnerable to XML external entity attacks High
CVE-2025-64134 was published for org.jenkins-ci.plugins:jdepend (Maven) Oct 29, 2025
Jenkins Azure CLI Plugin does not restrict the commands it executes High
CVE-2025-64140 was published for org.jenkins-ci.plugins:azure-cli (Maven) Oct 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database