Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,349
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,770
NuGet
680
pip
3,458
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,487 advisories

Loading
Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Moderate
CVE-2025-23015 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
Snowflake JDBC uses insecure temporary credential cache file permissions Moderate
CVE-2025-24790 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges Moderate
CVE-2024-57439 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource Moderate
CVE-2024-29869 was published for org.apache.hive:hive-exec (Maven) Jan 29, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Infinispan vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025
Apache Solr Relative Path Traversal vulnerability Moderate
CVE-2024-52012 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health
Cross site scripting in Silverpeas Core Moderate
CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
Apache CXF: Denial of Service vulnerability with temporary files Moderate
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input Moderate
CVE-2025-23366 was published for org.jboss.hal:hal-console (Maven) Jan 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database