GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
jackson-databind has @JsonView bypass for setterless creator properties
Moderate
CVE-2026-54517
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 23, 2026
jackson-databind has a @JsonView bypass for unwrapped creator parameters
Moderate
CVE-2026-54518
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 23, 2026
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
Moderate
CVE-2026-41280
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
Moderate
CVE-2026-42357
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Keycloak Vulnerable to Incorrect Authorization
Moderate
CVE-2026-9791
was published
for
org.keycloak:keycloak-server-spi-private
(Maven)
May 28, 2026
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Moderate
GHSA-x83w-23jp-g6pw
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
May 7, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate
CVE-2025-14559
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
NutzBoot Incorrect Privilege Assignment vulnerability
Moderate
CVE-2025-13806
was published
for
org.nutz:nutzboot-parent
(Maven)
Dec 1, 2025
Liferay Portal and DXP do not check permissions of images in a blog entry
Moderate
CVE-2025-62275
was published
for
com.liferay:com.liferay.blogs.item.selector.web
(Maven)
Nov 1, 2025
Liferay Portal Does Not Limit Access to APIs Before Email Verification
Moderate
CVE-2025-62259
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Oct 28, 2025
Liferay Publications is vulnerable to Incorrect Authorization
Moderate
CVE-2025-62243
was published
for
com.liferay:com.liferay.change.tracking.web
(Maven)
Oct 13, 2025
Liferay Portal and DXP does not properly check permission with import and export tasks
Moderate
CVE-2025-43806
was published
for
com.liferay:com.liferay.batch.engine.service
(Maven)
Sep 23, 2025
Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data
Moderate
CVE-2025-43784
was published
for
com.liferay:com.liferay.headless.builder.impl
(Maven)
Sep 10, 2025
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services
Moderate
CVE-2024-7096
was published
for
org.wso2.am:am-parent
(Maven)
May 30, 2025
WSO2 incorrect authorization vulnerability
Moderate
CVE-2024-2321
was published
for
org.wso2.am:am-parent
(Maven)
Feb 27, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Moderate
CVE-2025-24860
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 4, 2025
RuoYi has insecure permissions
Moderate
CVE-2024-57438
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin
Moderate
CVE-2025-24401
was published
for
io.jenkins.plugins:folder-auth
(Maven)
Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin
Moderate
CVE-2025-24400
was published
for
com.axis.jenkins.plugins.eiffel:eiffel-broadcaster
(Maven)
Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
Moderate
CVE-2025-24397
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Jan 22, 2025
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-12539
was published
for
org.elasticsearch:elasticsearch
(Maven)
Dec 17, 2024
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
ProTip!
Advisories are also available from the
GraphQL API