Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

799 advisories

Loading
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification Critical
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
SAML authentication bypass due to missing validation on unsigned SAML messages Critical
GHSA-hx5q-v6pj-533r was published for com.linecorp.centraldogma:centraldogma-server-auth-saml (Maven) Feb 26, 2024
lishiki
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages Critical
CVE-2024-1735 was published for com.linecorp.armeria:armeria-saml (Maven) Feb 26, 2024
lishiki
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical
CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024
paul-gerste-sonarsource
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical
CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) Critical
CVE-2024-25610 was published for com.liferay.portal:com.liferay.portal.web (Maven) Feb 20, 2024
Remote Code Execution in Apache Dolphinscheduler Critical
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Liferay Portal stored cross-site scripting (XSS) vulnerability Critical
CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 7, 2024
Central Dogma Authentication Bypass Vulnerability via Session Leakage Critical
CVE-2024-1143 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024
minwoox
Beetl Server-Side Template Injection vulnerability Critical
CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024
yoshizawa-masatoshi
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database