Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

64 advisories

Loading
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Low
CVE-2023-47320 was published for org.silverpeas.core:silverpeas-core-war (Maven) Dec 13, 2023
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud Moderate
CVE-2023-36820 was published for io.micronaut.security:micronaut-security-oauth2 (Maven) Oct 5, 2023
tommyli
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution Critical
CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven) Aug 23, 2023
PowerJob incorrect access control vulnerability High
CVE-2023-36106 was published for tech.powerjob:powerjob (Maven) Aug 17, 2023
Access Control Bypass in Spring Security Critical
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven) Jul 19, 2023
bbossola furti
PlantUML Improper Access Control vulnerability Moderate
CVE-2023-3431 was published for net.sourceforge.plantuml:plantuml-mit (Maven) Jun 27, 2023
Liferay portal has unauthorized access to object definition via search Moderate
CVE-2023-33947 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Liferay portal unauthorized access to objects via OAuth 2 scope Moderate
CVE-2023-33946 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro Moderate
CVE-2023-29513 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
ProTip! Advisories are also available from the GraphQL API