Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,970
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,673 advisories

Loading
Apache Tomcat - Security constraint bypass for pre/post-resources Moderate
CVE-2025-49125 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
XWiki does not require right warnings for notification displayer objects Moderate
CVE-2025-49587 was published for org.xwiki.platform:xwiki-platform-notifications-notifiers-default (Maven) Jun 13, 2025
XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right Moderate
CVE-2025-49583 was published for org.xwiki.platform:xwiki-platform-notifications-notifiers-default (Maven) Jun 13, 2025
Solon Vulnerable to Directory Traversal Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
GeoServer Missing Authorization on REST API Index Moderate
CVE-2025-27505 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Coverage REST API Server Side Request Forgery Moderate
CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
trganda jodygarnett
GWC Home Page communicate version and revision information Moderate
CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability Moderate
CVE-2025-27817 was published for org.apache.kafka:kafka-clients (Maven) Jun 10, 2025
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation Moderate
CVE-2025-49128 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 7, 2025
lucasdrufva gwittel
Para Inserts Sensitive Information into Log File for Facebook authentication Moderate
CVE-2025-49009 was published for com.erudika:para-server (Maven) Jun 6, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language Moderate
CVE-2025-35036 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 3, 2025
Pekko Management may not properly apply authenticator when Basic Authentication enabled Moderate
CVE-2025-46548 was published for com.lightbend.akka.management:akka-management_2.12 (Maven) Jun 3, 2025
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
WSO2 products vulnerable to Cross-site Scripting Moderate
CVE-2024-8008 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui (Maven) Jun 2, 2025
Para Server Logs Sensitive Information Moderate
CVE-2025-48955 was published for com.erudika:para-server (Maven) May 30, 2025
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services Moderate
CVE-2024-7096 was published for org.wso2.am:am-parent (Maven) May 30, 2025
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right Moderate
CVE-2025-48063 was published for org.xwiki.platform:xwiki-platform-security-authorization-bridge (Maven) May 21, 2025
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation Moderate
CVE-2025-47888 was published for io.jenkins.plugins:dingding-notifications (Maven) May 14, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database