Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,025 advisories

Loading
Eclipse RDF4j vulnerable to XML External Entity Critical
CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) Oct 19, 2018
jeffwidman
Credited to jeffwidman
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
Deep Java Library path traversal issue Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025
Amazon Redshift JDBC Driver vulnerable to SQL Injection High
CVE-2024-12744 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Dec 26, 2024
alikrubin
Credited to alikrubin
Apache Geode web-api is vulnerable to Cross-site Scripting Moderate
CVE-2024-44088 was published for org.apache.geode:geode-web-api (Maven) Oct 14, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025
Liferay Mentions Web is Vulnerable to Cross-site Scripting Moderate
CVE-2025-62246 was published for com.liferay:com.liferay.mentions.web (Maven) Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Publications is vulnerable to Incorrect Authorization Moderate
CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
miesgre
Credited to miesgre
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section Moderate
CVE-2025-59822 was published for org.http4s:http4s-ember-core_2.12 (Maven) Sep 23, 2025
sebastianosrt samspills
rossabaker
Credited to sebastianosrt, samspills, and rossabaker
Liferay Portal is vulnerable to CSRF through publication comments Moderate
CVE-2025-62245 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 10, 2025
Apache Struts vulnerable to memory exhaustion High
CVE-2023-34396 was published for org.apache.struts:struts-core (Maven) Jun 14, 2023
ryanmurf
Credited to ryanmurf
Improper Input Validation in Apache Struts High
CVE-2016-1182 was published for org.apache.struts:struts-core (Maven) May 13, 2022
ryanmurf
Credited to ryanmurf
Improper Input Validation in Apache Struts High
CVE-2016-1181 was published for org.apache.struts:struts-core (Maven) May 13, 2022
ryanmurf
Credited to ryanmurf
Improper Input Validation in Apache Struts High
CVE-2015-0899 was published for org.apache.struts:struts-core (Maven) May 14, 2022
ryanmurf
Credited to ryanmurf
Querydsl vulnerable to HQL injection through orderBy High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 27, 2024
CSIRTTrizna ryanmurf
Credited to CSIRTTrizna and ryanmurf
Liferay Portal is vulnerable to XSS through its workflow process builder Moderate
CVE-2025-62239 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Oct 10, 2025
Liferay Portal's Membership page is vulnerable to XSS through “name“ text field Moderate
CVE-2025-62238 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database