Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,597 advisories

Loading
Apache Commons Improper Access Control vulnerability High
CVE-2025-48734 was published for commons-beanutils:commons-beanutils (Maven) May 28, 2025
Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users High
GHSA-965r-9cg9-g42p was published for com.ritense.valtimo:object-management (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k yusuke-koyoshi
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right Moderate
CVE-2025-48063 was published for org.xwiki.platform:xwiki-platform-security-authorization-bridge (Maven) May 21, 2025
Spring Security authorization bypass for method security annotations on private methods Critical
CVE-2025-41232 was published for org.springframework.security:spring-security-aspects (Maven) May 21, 2025
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting High
CVE-2025-47885 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 14, 2025
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation Moderate
CVE-2025-47888 was published for io.jenkins.plugins:dingding-notifications (Maven) May 14, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for org.apache.iotdb:node-commons (Maven) May 14, 2025
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for org.apache.iotdb:iotdb-core (Maven) May 14, 2025
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request High
CVE-2024-13009 was published for org.eclipse.jetty:jetty-server (Maven) May 8, 2025
maimaisie samjsong
nchudasmasumo lei-sumo
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for org.jruby:jruby (Maven) May 7, 2025
mohamedhafez
Graylog Allows Session Takeover via Insufficient HTML Sanitization High
CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser High
GHSA-q9q2-3ppx-mwqf was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database