Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Apache Linkis vulnerable to privilege escalation Moderate
CVE-2024-27181 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b
Jenkins Git server Plugin does not perform a permission check Moderate
CVE-2024-34146 was published for org.jenkins-ci.plugins:git-server (Maven) May 2, 2024
Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-59c9-pxq8-9c73 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 13, 2023
rosenblueh
Improper JWT Signature Validation in SAP Security Services Library Critical
CVE-2023-50422 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023
APM Java Agent Local Privilege Escalation issue High
CVE-2021-37942 was published for co.elastic.apm:apm-agent-parent (Maven) Nov 22, 2023
OpenNMS privilege elevation vulnerability High
CVE-2023-0872 was published for org.opennms:opennms-webapp-rest (Maven) Aug 14, 2023
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs High
CVE-2023-30601 was published for org.apache.cassandra:cassandra-all (Maven) Jul 6, 2023
hanqiuzh
Apache InLong Improper Privilege Management vulnerability Critical
CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Apache StreamPipes Improper Privilege Management vulnerability High
CVE-2023-31469 was published for org.apache.streampipes:streampipes-parent (Maven) Jun 23, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights Critical
CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) Jun 20, 2023
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
xwiki-platform vulnerable to Remote Code Execution in Annotations Critical
CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) Mar 2, 2023
renniepak
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Privilege escalation in Apache ShenYu High
CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) Feb 15, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) Jan 24, 2023
spring-security-oauth2-client vulnerable to Privilege Escalation High
CVE-2022-31690 was published for org.springframework.security:spring-security-oauth2-client (Maven) Nov 1, 2022
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups High
CVE-2022-31166 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 20, 2022
Improper Privilege Management in com.xuxueli:xxl-job High
CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) Aug 20, 2022
MarkLee131
Improper Privilege Management in Neo4j Graph Database High
CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API