Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,779 advisories

Loading
pbjson vulnerable to stack exhaustion High
CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023
JSONUtil vulnerable to stack exhaustion High
CVE-2023-34615 was published for net.pwall.json:jsonutil (Maven) Jun 14, 2023
hutool Buffer Overflow vulnerability High
CVE-2023-42278 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
mattberry3
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-56337 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 20, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-50379 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 17, 2024
biehl1
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webflux (Maven) Sep 13, 2024
Malayke AlexeyTsvetkov
andreeaButerchi aantonel-sysdig
Amazon Redshift JDBC Driver vulnerable to SQL Injection High
CVE-2024-12744 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Dec 26, 2024
alikrubin
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails High
CVE-2024-23945 was published for org.apache.hive:hive-service (Maven) Dec 23, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination High
CVE-2024-10039 was published for org.keycloak:keycloak-core (Maven) Nov 25, 2024
ahus1
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability High
GHSA-vvf8-2h68-9475 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024 withdrawn
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity High
CVE-2024-10270 was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024
AdamKorcz
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Querydsl vulnerable to HQL injection trough orderBy High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 27, 2024
CSIRTTrizna
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build High
CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) Apr 4, 2024
bschuhmann
Undertow vulnerable to Race Condition High
CVE-2024-7885 was published for io.undertow:undertow-core (Maven) Aug 21, 2024
jw123023
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database