GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
40 advisories
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
High
CVE-2026-41731
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Jun 10, 2026
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Moderate
CVE-2026-40180
was published
for
io.quarkiverse.openapi.generator:quarkus-openapi-generator
(Maven)
Apr 8, 2026
Apache SkyWalking has a stored XSS vulnerability
Moderate
CVE-2025-54057
was published
for
org.apache.skywalking:apm-webapp
(Maven)
Nov 27, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Low
CVE-2025-32897
was published
for
org.apache.seata:seata-config-core
(Maven)
Jun 28, 2025
Apache Hadoop: Temporary File Local Information Disclosure
Low
CVE-2024-23454
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information
High
CVE-2024-39676
was published
for
org.apache.pinot:pinot-controller
(Maven)
Jul 24, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate
CVE-2024-23321
was published
for
org.apache.rocketmq:rocketmq-all
(Maven)
Jul 22, 2024
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Critical
CVE-2024-29868
was published
for
org.apache.streampipes:streampipes-resource-management
(Maven)
Jun 24, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Moderate
CVE-2024-31867
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
High
CVE-2024-27135
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
High
CVE-2024-27894
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Critical
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API