GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,999 advisories
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High | CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) | Feb 13, 2025

Class Loading Vulnerability in Artemis
High | CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Feb 9, 2022

Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
High | GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Jan 19, 2024 • withdrawn

Denial of service in CBOR library
High | CVE-2024-23684 was published for com.upokecenter:cbor (Maven) | Jan 21, 2022

Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor
High | GHSA-hfj8-63c8-rmfw was published for com.upokecenter:cbor (Maven) | Jan 19, 2024 • withdrawn

Duplicate Advisory: Exposure of sensitive information in ClickHouse
High | GHSA-3p77-wg4c-qm24 was published for com.clickhouse:clickhouse-client (Maven) | Jan 19, 2024 • withdrawn

Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
High | CVE-2024-23683 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Jan 21, 2022

Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
High | GHSA-23rx-79r7-6cpx was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Jan 19, 2024 • withdrawn

Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox
High | CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Feb 10, 2023

Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
High | GHSA-c4pg-5ggh-vcpp was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) | Jan 19, 2024 • withdrawn

OpenSearch is vulnerable to DoS via complex query_string inputs
High | CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) | Nov 25, 2025

Jenkins has a Denial of service vulnerability in HTTP-based CLI
High | CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) | Dec 10, 2025

Apache Solr: Insufficient file-access checking in standalone core-creation requests
High | CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) | Jan 21, 2026

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
High | CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) | Jan 21, 2026

Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
High | CVE-2024-3884 was published for io.undertow:undertow-core (Maven) | Dec 3, 2025

Jervis's AES CBC Mode is Without Authentication
High | CVE-2025-68931 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Jervis Has Weak Random for Timing Attack Mitigation
High | CVE-2025-68704 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Jervis's Salt for PBKDF2 derived from password
High | CVE-2025-68703 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Jervis Has a SHA-256 Hex String Padding Bug
High | CVE-2025-68702 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Jervis has Deterministic AES IV Derivation from Passphrase
High | CVE-2025-68701 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Jervis Has a RSA PKCS#1 Padding Vulnerability
High | CVE-2025-68698 was published for net.gleske:jervis (Maven) | Jan 13, 2026

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
High | CVE-2025-29847 was published for org.apache.linkis:linkis (Maven) | Jan 19, 2026

OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE
High | CVE-2026-22244 was published for org.open-metadata:platform (Maven) | Jan 7, 2026

Undertow vulnerable to Race Condition
High | CVE-2024-7885 was published for io.undertow:undertow-core (Maven) | Aug 21, 2024

Apache Struts 2 is Missing XML Validation
High | CVE-2025-68493 was published for com.opensymphony:xwork (Maven) | Jan 11, 2026
ProTip! Advisories are also available from the GraphQL API.