Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,484 advisories

Loading
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2025-3588 was published for org.jsonschema2pojo:jsonschema2pojo-core (Maven) Apr 14, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) Apr 9, 2025
Apache POI OOXML Vulnerable to Improper Input Validation in OOXML File Parsing Moderate
CVE-2025-31672 was published for org.apache.poi:poi-ooxml (Maven) Apr 9, 2025
Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs Moderate
CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) Apr 9, 2025
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion Moderate
CVE-2024-52981 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component High
CVE-2025-29085 was published for com.vip.saturn:saturn-console (Maven) Apr 2, 2025
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
jooby-pac4j: deserialization of untrusted data High
CVE-2025-31129 was published for io.jooby:jooby-pac4j (Maven) Apr 1, 2025
cwm1123
Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability Moderate
CVE-2025-30177 was published for org.apache.camel:camel-undertow (Maven) Apr 1, 2025
Apache Pinot Vulnerable to Authentication Bypass Critical
CVE-2024-56325 was published for org.apache.pinot:pinot (Maven) Apr 1, 2025
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution Critical
CVE-2025-30065 was published for org.apache.parquet:parquet-avro (Maven) Apr 1, 2025
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type Low
CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) Apr 1, 2025
Netty QUIC hash collision DoS attack Moderate
CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) Mar 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database