Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,600 advisories

Loading
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request Critical
CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) Mar 24, 2025
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Apache Commons VFS Has Relative Path Traversal Vulnerability High
CVE-2025-27553 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
Apache Oozie Cross-Site Scripting (XSS) Moderate
CVE-2025-26796 was published for org.apache.oozie:oozie-core (Maven) Mar 22, 2025
Liferay Portal and Liferay DXP Reveals Data via Forms Moderate
CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 20, 2025
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite High
CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request High
CVE-2024-8062 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing High
CVE-2024-7765 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite via File Export High
CVE-2024-6854 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint High
CVE-2024-10550 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Deserialization of Untrusted Data Vulnerability Critical
CVE-2024-10553 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) Mar 20, 2025
Apache Seata Vulnerable to Data Amplification Low
CVE-2024-54016 was published for org.apache.seata:seata-parent (Maven) Mar 20, 2025
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2025-2536 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 19, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
XWiki allows unregistered users to access private pages information through REST endpoint High
CVE-2025-29925 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Mar 19, 2025
XWiki uses the wrong wiki reference in AuthorizationManager High
CVE-2025-29924 was published for org.xwiki.platform:xwiki-platform-security-authorization-api (Maven) Mar 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database