Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

160 advisories

Loading
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Critical
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel xuanzern
Credited to westonsteimel and xuanzern
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination High
CVE-2024-10039 was published for org.keycloak:keycloak-core (Maven) Nov 25, 2024
ahus1 westonsteimel
Credited to ahus1 and westonsteimel
Hashicorp Vault vulnerable to denial of service through memory exhaustion High
CVE-2024-8185 was published for github.com/hashicorp/vault (Go) Oct 31, 2024
westonsteimel
Credited to westonsteimel
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Credited to westonsteimel
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Credited to westonsteimel
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
westonsteimel
Credited to westonsteimel
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel
Credited to westonsteimel
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
westonsteimel cipherboy
Credited to westonsteimel and cipherboy
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere westonsteimel
debasishbsws
Credited to corhere, westonsteimel, and debasishbsws
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-util (Maven) Jul 12, 2024
westonsteimel
Credited to westonsteimel
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
westonsteimel
Credited to westonsteimel
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Credited to westonsteimel
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel
Credited to westonsteimel
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Credited to oscerd and westonsteimel
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping High
CVE-2024-27936 was published for deno (Rust) Mar 5, 2024
Ry0taK westonsteimel
Credited to Ry0taK and westonsteimel
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users High
CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024
westonsteimel
Credited to westonsteimel
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
westonsteimel
Credited to westonsteimel
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Credited to westonsteimel
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Credited to westonsteimel
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Credited to westonsteimel
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Credited to westonsteimel
Apache Tomcat - Fix for CVE-2023-24998 was incomplete High
CVE-2023-28709 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 6, 2023
westonsteimel
Credited to westonsteimel
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Incorrect Permission Preservation in Jenkins Core Moderate
CVE-2023-27902 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Credited to westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database