Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
Withdrawn Advisory: Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024 withdrawn
oscerd Credited to oscerd
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
oscerd Credited to oscerd
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd Credited to oscerd
Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
oscerd Credited to oscerd
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd Credited to oscerd
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd Credited to oscerd
Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-gvc7-gjrw-hj65 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024 withdrawn
oscerd Credited to oscerd
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd Credited to oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd Credited to oscerd
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and astashys astashys astashys
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd Credited to oscerd
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd Credited to oscerd and gabby202308 gabby202308 gabby202308
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd Credited to oscerd and krassowski krassowski krassowski
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd Credited to oscerd and sunSUNQ sunSUNQ sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database