GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+
27,557 advisories
Filter by severity
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
High
CVE-2023-49395
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/save
High
CVE-2023-49396
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/update
High
CVE-2023-49381
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus
High
CVE-2023-49397
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
High
CVE-2023-49448
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
High
CVE-2023-49398
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/slide/update
High
CVE-2023-49374
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update
High
CVE-2023-49375
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save
High
CVE-2023-49379
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49376
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update
High
CVE-2023-49377
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete
High
CVE-2023-49380
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49372
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS
High
CVE-2023-49373
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/form/save
High
CVE-2023-49378
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
High
CVE-2023-41835
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 5, 2023
Ajax Pro Cross-site Scripting
Moderate
CVE-2023-49289
was published
for
AjaxNetProfessional
(NuGet)
Dec 5, 2023
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
High
GHSA-j3rq-4xjw-xg63
was published
for
github.com/edgelesssys/marblerun
(Go)
Dec 4, 2023
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Critical
CVE-2023-49093
was published
for
org.htmlunit:htmlunit
(Maven)
Dec 4, 2023
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Critical
CVE-2023-48910
was published
for
io.github.microcks:microcks
(Maven)
Dec 4, 2023
ThinkAdmin arbitrary file upload vulnerability
High
CVE-2023-48966
was published
for
zoujingli/thinkadmin
(Composer)
Dec 4, 2023
Solon is vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-48967
was published
for
org.noear:solon
(Maven)
Dec 4, 2023
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
High
CVE-2023-6481
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 4, 2023
ProTip!
Advisories are also available from the
GraphQL API