Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

323 advisories

Loading
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions Low
CVE-2025-58056 was published for io.netty:netty-codec-http (Maven) Sep 4, 2025
JeppW JLLeitschuh
yawkat
Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
oscerd
Apache DolphinScheduler Incorrect Default Permissions Vulnerability Low
CVE-2024-43166 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 3, 2025
Opencast has a partial path traversal vulnerability in UI config Low
CVE-2025-55202 was published for org.opencastproject:opencast-user-interface-configuration (Maven) Aug 29, 2025
opsysdebug lkiesow
Bouncy Castle for Java has Out-of-Bounds Write Vulnerability Low
CVE-2025-9340 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability Low
CVE-2025-9092 was published for org.bouncycastle:bc-fips (Maven) Aug 16, 2025
Liferay Portal Login Bypass Vulnerability Low
CVE-2025-3639 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal taxone
XXL-JOB is vulnerable to SSRF attacks Low
CVE-2025-7787 was published for com.xuxueli:xxl-job-core (Maven) Jul 18, 2025
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type Low
CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) Apr 1, 2025
XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument Low
CVE-2025-6701 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users Low
CVE-2025-53678 was published for io.jenkins.plugins:user1st-utester (Maven) Jul 9, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka_2.10 (Maven) Dec 18, 2024
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion Low
CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) Jun 19, 2025
arthurscchan AdamKorcz
rolnico olperr1
Alkacon OpenCMS XSS via New User module Low
CVE-2019-11818 was published for org.opencms:opencms-core (Maven) May 24, 2022
Alkacon OpenCMS XSS via title and requestedResource parameters Low
CVE-2013-4600 was published for org.opencms:opencms-core (Maven) May 17, 2022
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters Low
CVE-2015-2351 was published for org.opencms:opencms-core (Maven) May 14, 2022
Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp Low
CVE-2008-1753 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter Low
CVE-2008-1510 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon Open CMS XSS via Logfile Viewer Settings function Low
CVE-2008-1300 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp Low
CVE-2008-1045 was published for org.opencms:opencms-core (Maven) May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database