GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
Incorrect Authorization in Apache Solr
Critical
CVE-2020-13957
was published
for
org.apache.solr:solr-parent
(Maven)
Feb 10, 2022
Improper Input Validation in GeoServer
High
CVE-2022-24847
was published
for
org.geoserver:gs-main
(Maven)
Apr 22, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
High
CVE-2022-29546
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 26, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Arbitrary filesystem write access from velocity.
High
CVE-2022-24897
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-5647
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
Duplicate Advisory: Denial of Service due to parser crash
Low
GHSA-3mq5-fq9h-gj7j
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Sep 17, 2022
•
withdrawn
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core
(Maven)
Nov 1, 2022
ProTip!
Advisories are also available from the
GraphQL API