Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,777 advisories

Loading
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`) High
GHSA-82j3-hf72-7x93 was published for com.reposilite:reposilite-backend (Maven) Nov 4, 2024
artsploit
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
JeecgBoot SQL Injection vulnerability High
CVE-2024-48307 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Oct 31, 2024
OpenRefine has a path traversal in LoadLanguageCommand High
CVE-2024-49760 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) High
CVE-2024-47881 was published for org.openrefine:database (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user High
CVE-2024-47876 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 15, 2024
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans High
CVE-2023-50780 was published for org.apache.activemq:artemis-cli (Maven) Oct 14, 2024
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Duplicate Advisory: Keycloak Open Redirect vulnerability High
GHSA-vvf8-2h68-9475 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024 withdrawn
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API