GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
PowerJob incorrect access control vulnerability
High
CVE-2023-36106
was published
for
tech.powerjob:powerjob
(Maven)
Aug 17, 2023
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox
High
GHSA-98hq-4wmw-98w9
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Feb 10, 2023
Improper Access Control in Apache Hadoop
High
CVE-2016-5393
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Path Traversal in Apache Atlas
High
CVE-2016-8752
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Improper Access Control in Apache Derby
High
CVE-2010-2232
was published
for
org.apache.derby:derby
(Maven)
May 17, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-1427
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-4165
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Improper Access Control in Apache Shiro
High
CVE-2016-6802
was published
for
org.apache.shiro:shiro-all
(Maven)
May 14, 2022
Improper Access Control in Apache Tomcat
High
CVE-2016-0714
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Access Control in MySQL Connectors Java
High
CVE-2017-3523
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Access Control in Apache Tomcat
High
CVE-2016-5388
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2019-7611
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
High
CVE-2016-4464
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API