Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,169 advisories

Loading
Snowflake JDBC Security Advisory Moderate
CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) Oct 30, 2024
JeecgBoot SQL Injection vulnerability High
CVE-2024-48307 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Oct 31, 2024
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`) High
GHSA-82j3-hf72-7x93 was published for com.reposilite:reposilite-backend (Maven) Nov 4, 2024
artsploit
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
hibernate-validator Cross-site Scripting vulnerability Moderate
CVE-2023-1932 was published for org.hibernate.validator:hibernate-validator (Maven) Nov 7, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
powertac-server XML External Entity vulnerability High
CVE-2024-51135 was published for org.powertac:server-interface (Maven) Nov 11, 2024
Denial of Service attack on windows app using netty High
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin High
CVE-2024-52552 was published for org.jenkins-ci.plugins:authorize-project (Maven) Nov 13, 2024
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin High
CVE-2024-52554 was published for io.jenkins.plugins:shared-library-version-override (Maven) Nov 13, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin High
CVE-2024-52551 was published for org.jenkinsci.plugins:pipeline-model-parent (Maven) Nov 13, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin High
CVE-2024-52550 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Nov 13, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API