Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

732 advisories

Loading
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Apache Seata Deserialization of Untrusted Data vulnerability Critical
CVE-2024-22399 was published for org.apache.seata:seata-core (Maven) Sep 16, 2024
Eclipse Parsson stack overflow when parsing deeply nested input Critical
CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024
MySQL Connectors takeover vulnerability Critical
CVE-2023-22102 was published for com.mysql:mysql-connector-j (Maven) Oct 18, 2023
d0ougal
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Access Control Bypass in Spring Security Critical
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven) Jul 19, 2023
bbossola furti
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability Critical
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Authentication Bypass vulnerability Critical
CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Deserialization of Untrusted Data in Groovy Critical
CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SunBK201 SebGondron
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy Critical
CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SebGondron
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download Critical
CVE-2023-48910 was published for io.github.microcks:microcks (Maven) Dec 4, 2023
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
pac4j-core affected by a Java deserialization vulnerability Critical
CVE-2023-25581 was published for org.pac4j:pac4j-core (Maven) Oct 11, 2024
OS Command Injection in Plexus-utils Critical
CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker moon2263
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API