Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

90 advisories

Loading
jackson-databind has @JsonView bypass for setterless creator properties Moderate
CVE-2026-54517 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar
jackson-databind has a @JsonView bypass for unwrapped creator parameters Moderate
CVE-2026-54518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects Moderate
CVE-2026-41280 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
Keycloak Vulnerable to Incorrect Authorization Moderate
CVE-2026-9791 was published for org.keycloak:keycloak-server-spi-private (Maven) May 28, 2026
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation Moderate
GHSA-x83w-23jp-g6pw was published for org.opensearch.plugin:opensearch-security (Maven) May 7, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users Moderate
CVE-2025-14559 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
julianladisch Credited to julianladisch and eminaktas eminaktas eminaktas
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Liferay Portal and DXP do not check permissions of images in a blog entry Moderate
CVE-2025-62275 was published for com.liferay:com.liferay.blogs.item.selector.web (Maven) Nov 1, 2025
Liferay Portal Does Not Limit Access to APIs Before Email Verification Moderate
CVE-2025-62259 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Publications is vulnerable to Incorrect Authorization Moderate
CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Portal and DXP does not properly check permission with import and export tasks Moderate
CVE-2025-43806 was published for com.liferay:com.liferay.batch.engine.service (Maven) Sep 23, 2025
Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data Moderate
CVE-2025-43784 was published for com.liferay:com.liferay.headless.builder.impl (Maven) Sep 10, 2025
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services Moderate
CVE-2024-7096 was published for org.wso2.am:am-parent (Maven) May 30, 2025
WSO2 incorrect authorization vulnerability Moderate
CVE-2024-2321 was published for org.wso2.am:am-parent (Maven) Feb 27, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-12539 was published for org.elasticsearch:elasticsearch (Maven) Dec 17, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd Credited to oscerd
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd Credited to oscerd
ProTip! Advisories are also available from the GraphQL API