Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,764 advisories

Loading
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Ant Media Server vulnerable to a local privilege escalation High
CVE-2024-32656 was published for io.antmedia:ant-media-server (Maven) Apr 22, 2024
UNC1739
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Keycloak path traversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Spring Framework URL Parsing with Host Validation High
CVE-2024-22262 was published for org.springframework:spring-web (Maven) Apr 16, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode High
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
google-oauth-java-client improperly verifies cryptographic signature High
CVE-2021-22573 was published for com.google.oauth-client:google-oauth-client (Maven) Apr 9, 2024
TimurSadykov
Eclipse Kura LogServlet vulnerability High
CVE-2024-3046 was published for org.eclipse.kura:org.eclipse.kura.web2 (Maven) Apr 9, 2024
z3er01
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build High
CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) Apr 4, 2024
bschuhmann
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
GeoServer log file path traversal vulnerability High
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
Anthares101 sumiitgurjar
Path traversal in flaskcode Devan-Kerman ARRP High
CVE-2024-24042 was published for net.devtech:arrp (Maven) Mar 19, 2024
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution High
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying High
CVE-2024-27894 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API