Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object Moderate
GHSA-2rjv-cv85-xhgm was published for org.opensearch.plugin:opensearch-security (Maven) Aug 1, 2025
OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape Moderate
GHSA-rrmm-wq7q-h4v5 was published for org.opensearch.plugin:opensearch-security (Maven) Aug 1, 2025
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
Credited to lkiesow
Reactor Netty HTTP is vulnerable to credential leaks during chained redirects Moderate
CVE-2025-22227 was published for io.projectreactor.netty:reactor-netty-http (Maven) Jul 16, 2025
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
GWC Home Page communicate version and revision information Moderate
CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Credited to sikeoka
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
Credited to lemauanhphong and jodygarnett
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for apache-iotdb (Maven) May 14, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Credited to AnonySE26
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
GeoNetwork search end-point information disclosure in response headers Moderate
CVE-2024-32037 was published for org.geonetwork-opensource:gn-services (Maven) Feb 11, 2025
josegar74 jodygarnett
Credited to josegar74 and jodygarnett
SQL injection in JeecgBoot High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext Critical
CVE-2025-23215 was published for net.sourceforge.pmd:pmd-core (Maven) Jan 31, 2025
hboutemy yusuke-koyoshi
Credited to hboutemy and yusuke-koyoshi
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health
Credited to pat-ryan-health
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
Credited to jodygarnett
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Credited to JAckLosingHeart
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024 withdrawn
Graylog concurrent PDF report rendering can leak other users' reports High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database