Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

265 advisories

Loading
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Low
GHSA-6vrw-mpj8-3j59 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
oscerd
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list Low
CVE-2024-45537 was published for org.apache.druid:druid (Maven) Sep 17, 2024
Silverpeas vulnerable to password complexity rule bypass Low
CVE-2024-42850 was published for org.silverpeas.core:silverpeas-core (Maven) Aug 16, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Low
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document Low
CVE-2024-38364 was published for org.dspace:dspace-server-webapp (Maven) Jun 25, 2024
Xib3rR4dAr
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console Low
CVE-2024-5967 was published for org.keycloak:keycloak-ldap-federation (Maven) Jun 21, 2024
MarkLee131
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials Low
GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) Jun 18, 2024 withdrawn
Keycloak Denial of Service via account lockout Low
GHSA-cq42-vhv7-xr7p was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Keycloak's improper input validation allows using email as username Low
GHSA-4vc8-pg5c-vg4x was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Jenkins Report Info Plugin Path Traversal vulnerability Low
CVE-2024-5273 was published for org.jenkins-ci.plugins:report-info (Maven) May 24, 2024
Ant Media Server does not properly authorize non-administrative API calls Low
CVE-2024-3462 was published for io.antmedia:ant-media-server (Maven) May 14, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Low
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets Low
CVE-2024-31573 was published for org.xmlunit:xmlunit-core (Maven) May 1, 2024
c1gar
JADX file override vulnerability Low
GHSA-hvp5-5x4f-33fq was published for io.github.skylot:jadx-core (Maven) Apr 22, 2024
Cl0udG0d
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
In Quarkus, git credentials could be inadvertently published Low
CVE-2024-1979 was published for io.quarkus:quarkus-kubernetes-deployment (Maven) Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API