Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,024 advisories

Loading
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java Moderate
CVE-2025-14518 was published for tech.powerjob:powerjob-common (Maven) Dec 11, 2025
Improper Memory Cleanup in the Okta Java SDK Moderate
CVE-2025-66033 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
pyckle
Credited to pyckle
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials Moderate
CVE-2025-67642 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Dec 10, 2025
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Moderate
CVE-2025-67643 was published for org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) Dec 10, 2025
Jenkins is missing a permission check on password fields Moderate
CVE-2025-67636 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67637 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67638 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin Moderate
CVE-2025-67640 was published for org.jenkins-ci.plugins:git-client (Maven) Dec 10, 2025
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr
Credited to 4rdr
JDA (Java Discord API) downloads external URLs when updating message components Moderate
GHSA-93fv-4pm9-xp28 was published for net.dv8tion:JDA (Maven) Dec 9, 2025
Central Dogma's Login Function Has an Open Redirect Vulnerability Moderate
CVE-2025-11222 was published for com.linecorp.centraldogma:centraldogma-server-auth-shiro (Maven) Dec 4, 2025
minwoox
Credited to minwoox
BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources Moderate
CVE-2025-13472 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Dec 3, 2025
Keycloak has debug default bind address Moderate
CVE-2025-11538 was published for org.keycloak:keycloak-quarkus-dist (Maven) Dec 2, 2025
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
ThingsBoard allows an authenticated user to upload malicious SVG images Moderate
CVE-2025-3261 was published for org.thingsboard:application (Maven) Nov 27, 2025
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd
Credited to oscerd
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format Moderate
CVE-2025-21621 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
sikeoka
Credited to sikeoka
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization Moderate
CVE-2025-13467 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 25, 2025
XWiki view file macro: User can view content of office file without view rights on the attachment Moderate
CVE-2025-65089 was published for com.xwiki.pro:xwiki-pro-macros-ui (Maven) Nov 18, 2025
XWiki AdminTools application doesn't set permissions on the AdminTools space Moderate
CVE-2025-54990 was published for com.xwiki.admintools:application-admintools (Maven) Nov 18, 2025
lsFusion Server is vulnerable to Path Traversal through its unpackFile function Moderate
CVE-2025-13265 was published for lsfusion.platform:server (Maven) Nov 17, 2025
lsFusion Platform has a Path Traversal vulnerability Moderate
CVE-2025-13262 was published for lsfusion.platform:web-client (Maven) Nov 17, 2025
vlife-base has Path Traversal vulnerability Moderate
CVE-2025-13266 was published for io.github.wwwlike:vlife-base (Maven) Nov 17, 2025
lsFusion Platform has a Path Traversal vulnerability Moderate
CVE-2025-13261 was published for lsfusion.platform:web-client (Maven) Nov 17, 2025
Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address Moderate
GHSA-7m9g-pmxf-m9m8 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 13, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database