GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,002 advisories

XWiki Jetty Package (XJetty) allows accessing any application file through URL High
CVE-2025-55749 was published for org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) Dec 1, 2025
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer High
CVE-2025-67721 was published for io.airlift:aircompressor (Maven) Dec 12, 2025
Credited to kyakdan and philippe-granet
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names High
CVE-2024-4027 was published for io.undertow:undertow-core (Maven) Jan 30, 2026
Apache Kyuubi Server vulnerable to Path Traversal High
CVE-2025-66518 was published for org.apache.kyuubi:kyuubi-server_2.12 (Maven) Jan 5, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
Credited to wxt201 and scordio
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
Credited to dotasek
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability High
CVE-2025-27821 was published for org.apache.hadoop:hadoop-hdfs-native-client (Maven) Jan 26, 2026
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
Credited to jfleming-ic
Class Loading Vulnerability in Artemis High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 9, 2022
Credited to juliuskreutz
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Denial of service in CBOR library High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 21, 2022
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor High
GHSA-hfj8-63c8-rmfw was published for com.upokecenter:cbor (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Exposure of sensitive information in ClickHouse High
GHSA-3p77-wg4c-qm24 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024 withdrawn
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares High
CVE-2024-23683 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 21, 2022
Credited to Haspamelodica
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-23rx-79r7-6cpx was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 10, 2023
Credited to LDAP
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-c4pg-5ggh-vcpp was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
Credited to RafSobol and caverav
Jenkins has a Denial of service vulnerability in HTTP-based CLI High
CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) Dec 10, 2025
Credited to caverav
Apache Solr: Insufficient file-access checking in standalone core-creation requests High
CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded High
CVE-2024-3884 was published for io.undertow:undertow-core (Maven) Dec 3, 2025
Credited to aldexis
Jervis's AES CBC Mode is Without Authentication High
CVE-2025-68931 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis's Salt for PBKDF2 derived from password High
CVE-2025-68703 was published for net.gleske:jervis (Maven) Jan 13, 2026