Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,183 advisories

Loading
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
Querydsl SQL/HQL injection High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 20, 2024
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
Graylog concurrent PDF report rendering can leak other users' reports High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) Nov 18, 2024
Apache Tomcat Request and/or response mix-up Moderate
CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 18, 2024
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
Spring MVC controller vulnerable to a DoS attack Moderate
CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) Nov 18, 2024
Debezium database connector has a script injection vulnerability Moderate
CVE-2023-1419 was published for io.debezium:debezium-connector-mysql (Maven) Nov 17, 2024
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
FitNesse Path Traversal Moderate
CVE-2024-42499 was published for org.fitnesse:fitnesse (Maven) Nov 15, 2024
FitNesse Cross-site scripting Moderate
CVE-2024-39610 was published for org.fitnesse:fitnesse (Maven) Nov 15, 2024
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin High
CVE-2024-52550 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Nov 13, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin High
CVE-2024-52551 was published for org.jenkinsci.plugins:pipeline-model-parent (Maven) Nov 13, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin High
CVE-2024-52552 was published for org.jenkins-ci.plugins:authorize-project (Maven) Nov 13, 2024
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin High
CVE-2024-52554 was published for io.jenkins.plugins:shared-library-version-override (Maven) Nov 13, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Denial of Service attack on windows app using netty High
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR
powertac-server XML External Entity vulnerability High
CVE-2024-51135 was published for org.powertac:server-interface (Maven) Nov 11, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
hibernate-validator Cross-site Scripting vulnerability Moderate
CVE-2023-1932 was published for org.hibernate.validator:hibernate-validator (Maven) Nov 7, 2024
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
ProTip! Advisories are also available from the GraphQL API