Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

719 advisories

Loading
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical
CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Remote Code Execution in Apache Dolphinscheduler Critical
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Liferay Portal stored cross-site scripting (XSS) vulnerability Critical
CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 7, 2024
Central Dogma Authentication Bypass Vulnerability via Session Leakage Critical
CVE-2024-1143 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024
minwoox
Beetl Server-Side Template Injection vulnerability Critical
CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024
yoshizawa-masatoshi
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Hard-coded credentials in org.folio:mod-data-export-spring Critical
CVE-2024-23687 was published for org.folio:mod-data-export-spring (Maven) Jan 20, 2024
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
XWiki Remote Code Execution Vulnerability via User Registration Critical
CVE-2024-21650 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Jan 8, 2024
Apache InLong Manager Remote Code Execution vulnerability Critical
CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
JeecgBoot server-side template injection Critical
CVE-2023-41544 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL injection vulnerability Critical
CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL Injection Critical
CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
hyavijava stack overflow vulnerability Critical
CVE-2023-51084 was published for com.github:hyavijava (Maven) Dec 27, 2023
Remote code execution/programming rights with configuration section from any user account Critical
CVE-2023-50723 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Remote code execution from account through SearchAdmin Critical
CVE-2023-50721 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Dec 16, 2023
Apache StreamPark: Authenticated system users could trigger remote command execution Critical
CVE-2023-49898 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Critical
CVE-2023-46279 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
ProTip! Advisories are also available from the GraphQL API