Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

269 advisories

Loading
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
In Quarkus, git credentials could be inadvertently published Low
CVE-2024-1979 was published for io.quarkus:quarkus-kubernetes-deployment (Maven) Mar 13, 2024
Duplicate Advisory: Keycloak DoS via account lockout Low
GHSA-3hrr-xwvg-hxvr was published for org.keycloak:keycloak-core (Maven) Feb 29, 2024 withdrawn
codespearhead
Apache Camel data exposure vulnerability Low
CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) Feb 26, 2024
rsrikanth11
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
westonsteimel
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin Low
CVE-2024-23903 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box
Broken access control in Silverpeas Low
CVE-2023-47320 was published for org.silverpeas.core:silverpeas-core-war (Maven) Dec 13, 2023
Keycloak vulnerable to LDAP Injection on UsernameForm Login Low
CVE-2022-2232 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 29, 2023
kongold
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Low
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
MarkLee131
Signing DynamoDB Sets when using the AWS Database Encryption SDK. Low
GHSA-72fp-w44g-625q was published for software.amazon.cryptography:aws-database-encryption-sdk-dynamodb (Maven) Nov 9, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin Low
CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) Oct 25, 2023
Jenkins lambdatest-automation Plugin may expose Credentials access token Low
CVE-2023-46653 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison Low
CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Oct 25, 2023
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip) Low
CVE-2023-46122 was published for org.scala-sbt:io_2.12 (Maven) Oct 24, 2023
xuwei-k eed3si9n
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43497 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43498 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Spring for GraphQL may be exposed to GraphQL context with values from a different session Low
CVE-2023-34047 was published for org.springframework.graphql:spring-graphql (Maven) Sep 20, 2023
Jetty's OpenId Revoked authentication allows one request Low
CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023
andrewmcguinness timtebeek
Jetty vulnerable to errant command quoting in CGI Servlet Low
CVE-2023-36479 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Sep 14, 2023
kaoudis joakime
ProTip! Advisories are also available from the GraphQL API