Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

134 advisories

Loading
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access High
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode High
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Velocity execution without script right through tree macro High
CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) Dec 19, 2023
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions High
CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023
OpenNMS privilege escalation vulnerability Moderate
CVE-2023-40315 was published for org.opennms:opennms-webapp-rest (Maven) Aug 17, 2023
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials Moderate
CVE-2023-39154 was published for com.qualys.plugins:qualys-was (Maven) Jul 26, 2023
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs Moderate
CVE-2023-32261 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability Moderate
CVE-2023-37579 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API