Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,292 advisories

Loading
Apache James vulnerable to denial of service through JMAP HTML to text conversion Moderate
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions Critical
CVE-2024-36404 was published for org.geotools.xsd:gt-xsd-core (Maven) Feb 5, 2025
sikeoka jodygarnett
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Moderate
CVE-2025-23015 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext Low
CVE-2025-23215 was published for net.sourceforge.pmd:pmd-core (Maven) Jan 31, 2025
hboutemy
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches Critical
GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) Jan 30, 2025
slubwama mseaton
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
Deep Java Library path traversal issue Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025
Snowflake JDBC uses insecure temporary credential cache file permissions Moderate
CVE-2025-24790 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
Snowflake JDBC allows an untrusted search path on Windows High
CVE-2025-24789 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges Moderate
CVE-2024-57439 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource Moderate
CVE-2024-29869 was published for org.apache.hive:hive-exec (Maven) Jan 29, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Infinispan vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
Apache Solr Relative Path Traversal vulnerability Moderate
CVE-2024-52012 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
Apache Solr vulnerable to Execution with Unnecessary Privileges High
CVE-2025-24814 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database