GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Answer: Avatar URL leaked user email addresses
Moderate
CVE-2024-40761
was published
for
github.com/apache/incubator-answer
(Go)
Sep 25, 2024
Apache Hadoop: Temporary File Local Information Disclosure
Low
CVE-2024-23454
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate
CVE-2024-23321
was published
for
org.apache.rocketmq:rocketmq-all
(Maven)
Jul 22, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
Apache Sling Authentication Service vulnerability
High
CVE-2017-15700
was published
for
org.apache.sling:org.apache.sling.auth.core
(Maven)
May 14, 2022
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Moderate
CVE-2024-41178
was published
for
object_store
(Rust)
Jul 23, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information
High
CVE-2024-39676
was published
for
org.apache.pinot:pinot-controller
(Maven)
Jul 24, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Critical
CVE-2024-29868
was published
for
org.apache.streampipes:streampipes-resource-management
(Maven)
Jun 24, 2024
ProTip!
Advisories are also available from the
GraphQL API