GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5,251 advisories
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 17, 2024
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Withdrawn Advisory: Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
•
withdrawn
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 2, 2024
Querydsl vulnerable to HQL injection trough orderBy
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 27, 2024
ProTip!
Advisories are also available from the
GraphQL API