WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,143 advisories

Loading
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands High
CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025
scholzj ppatierno
im-konge
Credited to scholzj, ppatierno, and im-konge
yawkat LZ4 Java has a possible information leak in Java safe decompressor High
CVE-2025-66566 was published for at.yawk.lz4:lz4-java (Maven) Dec 5, 2025
simonresch
Credited to simonresch
Apache Tika has XXE vulnerability Critical
CVE-2025-66516 was published for org.apache.tika:tika-core (Maven) Dec 4, 2025
Central Dogma's Login Function Has an Open Redirect Vulnerability Moderate
CVE-2025-11222 was published for com.linecorp.centraldogma:centraldogma-server-auth-shiro (Maven) Dec 4, 2025
minwoox
Credited to minwoox
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources Moderate
CVE-2025-13472 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Dec 3, 2025
Keycloak unable to restrict access to the admin console Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025
Keycloak has debug default bind address Moderate
CVE-2025-11538 was published for org.keycloak:keycloak-quarkus-dist (Maven) Dec 2, 2025
XWiki Jetty Package (XJetty) allows accessing any application file through URL High
CVE-2025-55749 was published for org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) Dec 1, 2025
Apache Struts is Vulnerable to DoS via File Leak High
CVE-2025-64775 was published for org.apache.struts:struts2-core (Maven) Dec 1, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
NutzBoot vulnerable to information disclosure Low
CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS High
CVE-2025-12183 was published for at.yawk.lz4:lz4-java (Maven) Nov 28, 2025
Marcono1234 pjfanning
Credited to Marcono1234 and pjfanning
Mustangproject allows exfiltrating files via XXE attacks Low
CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
ThingsBoard allows an authenticated user to upload malicious SVG images Moderate
CVE-2025-3261 was published for org.thingsboard:application (Maven) Nov 27, 2025
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd
Credited to oscerd
Hive Metastore Server is vulnerable to SQL Injection High
CVE-2025-62728 was published for org.apache.hive:hive-common (Maven) Nov 26, 2025
Apache Druid’s Kerberos authenticator uses a weak fallback secret Critical
CVE-2025-59390 was published for org.apache.druid:druid (Maven) Nov 26, 2025
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization High
CVE-2025-66021 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Nov 25, 2025
ironfisto
Credited to ironfisto
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
RafSobol
Credited to RafSobol
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature High
CVE-2025-58360 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
xbow-security jodygarnett
Credited to xbow-security and jodygarnett
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format Moderate
CVE-2025-21621 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
sikeoka
Credited to sikeoka
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization Moderate
CVE-2025-13467 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 25, 2025
Apache Syncope's AES encryption stores hard-coded passwords in internal database High
CVE-2025-65998 was published for org.apache.syncope:syncope-core (Maven) Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database