GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+
5,398 advisories
Filter by severity
Snowflake JDBC Driver client-side encryption key in DEBUG logs
Low
CVE-2025-27496
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Mar 13, 2025
Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check
Moderate
CVE-2020-36843
was published
for
net.i2p.crypto:eddsa
(Maven)
Mar 13, 2025
Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
Moderate
CVE-2025-27017
was published
for
org.apache.nifi:nifi-mongodb-services
(Maven)
Mar 12, 2025
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Moderate
CVE-2025-27867
was published
for
org.apache.felix:org.apache.felix.http.webconsoleplugin
(Maven)
Mar 12, 2025
Apache Camel Message Header Injection through request parameters
Moderate
CVE-2025-29891
was published
for
org.apache.camel:camel-support
(Maven)
Mar 12, 2025
SmallRye Fault Tolerance out-of-memory (OOM) issue
High
CVE-2025-2240
was published
for
io.smallrye:smallrye-fault-tolerance-core
(Maven)
Mar 12, 2025
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
Moderate
CVE-2025-1391
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 10, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
Moderate
CVE-2025-0604
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Mar 10, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
High
CVE-2025-24813
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Mar 10, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-47qw-ccjm-9c2c
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Moderate
GHSA-v232-254c-m6p7
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-2466-4485-4pxj
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Moderate
CVE-2025-27136
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
Apache Camel: Camel Message Header Injection via Improper Filtering
Moderate
CVE-2025-27636
was published
for
org.apache.camel:camel-support
(Maven)
Mar 9, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public
High
CVE-2025-27604
was published
for
com.xwiki.confluencepro:application-confluence-migrator-pro-ui
(Maven)
Mar 7, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations
Critical
CVE-2025-27603
was published
for
com.xwiki.confluencepro:application-confluence-migrator-pro-ui
(Maven)
Mar 7, 2025
Jenkins cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2025-27624
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 6, 2025
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Moderate
CVE-2025-27622
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 6, 2025
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Moderate
CVE-2025-27623
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 6, 2025
Jenkins Open Redirect vulnerability
Moderate
CVE-2025-27625
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 6, 2025
Emissary May Use a Broken or Risky Cryptographic Algorithm
High
CVE-2025-27508
was published
for
gov.nsa.emissary:emissary
(Maven)
Mar 5, 2025
OpenDJ Denial of Service (DoS) using alias loop
High
CVE-2025-27497
was published
for
org.openidentityplatform.opendj:opendj-server-legacy
(Maven)
Mar 5, 2025
Lucee RCE/XXE Vulnerability
Critical
CVE-2023-38693
was published
for
org.lucee:lucee
(Maven)
Mar 5, 2025
Wildfly Elytron integration susceptible to brute force attacks via CLI
High
CVE-2025-23368
was published
for
org.wildfly.core:wildfly-elytron-integration
(Maven)
Mar 4, 2025
Apache Ranger Improper Neutralization of Formula Elements vulnerability
Low
CVE-2024-55532
was published
for
org.apache.ranger:security-admin-web
(Maven)
Mar 3, 2025
ProTip!
Advisories are also available from the
GraphQL API