GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
ThingsBoard Server-Side Template Injection
High
CVE-2023-45303
was published
for
org.thingsboard:thingsboard
(Maven)
Oct 6, 2023
Apache Ranger code execution vulnerability in policy expressions
High
CVE-2022-45048
was published
for
org.apache.ranger:ranger
(Maven)
Jul 6, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High
CVE-2023-29522
was published
for
org.xwiki.platform:xwiki-platform-xclass-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High
CVE-2023-29521
was published
for
org.xwiki.platform:xwiki-platform-vfs-ui
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High
CVE-2023-29519
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High
CVE-2023-29518
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Apr 20, 2023
Command injection in Apache Sling
High
CVE-2023-25141
was published
for
org.apache.sling:org.apache.sling.jcr.base
(Maven)
Feb 14, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
Injection in Jolokia agent
High
CVE-2018-1000130
was published
for
org.jolokia:jolokia-core
(Maven)
May 14, 2022
Opencast RCE Vulnerability
High
CVE-2017-1000217
was published
for
org.opencastproject:base
(Maven)
May 14, 2022
Remote code execution in xwiki-platform
High
CVE-2022-23616
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Feb 9, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High
CVE-2020-35213
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
HTTP header injection in Sonatype Nexus Repository
High
CVE-2021-40143
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
Sep 8, 2021
Injection in Apache Syncope
High
CVE-2020-1961
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Command injection in Apache Unomi
High
CVE-2021-31164
was published
for
org.apache.unomi:unomi
(Maven)
Jun 16, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
ProTip!
Advisories are also available from the
GraphQL API