GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Remote Code Execution in esigate-core
Critical
CVE-2018-1000854
was published
for
org.esigate:esigate-core
(Maven)
Dec 21, 2018
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
Template injection in cron-utils
Critical
CVE-2020-26238
was published
for
com.cronutils:cron-utils
(Maven)
Nov 24, 2020
Expression injection in AviatorScript
Critical
CVE-2021-41862
was published
for
com.googlecode.aviator:aviator
(Maven)
Oct 4, 2021
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Server Side Template Injection in MCMS
Critical
CVE-2021-46063
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 19, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Injection in Apache NiFi
Critical
CVE-2017-5636
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Code injection in MCMS
Critical
CVE-2022-30506
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Code injection in Apache Commons Configuration
Critical
CVE-2022-33980
was published
for
org.apache.commons:commons-configuration2
(Maven)
Jul 7, 2022
Remote code execution in Apache Flume
Critical
CVE-2022-34916
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Aug 22, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
Code injection in quarkus dev ui config editor
Critical
CVE-2022-4116
was published
for
io.quarkus:quarkus-vertx-http-deployment
(Maven)
Nov 22, 2022
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical
CVE-2023-25613
was published
for
org.apache.kerby:ldap-backend
(Maven)
Feb 20, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical
CVE-2023-27479
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Mar 8, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
Code injection via unescaped translations in xwiki-platform
Critical
CVE-2023-29510
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Apr 19, 2023
xwiki-platform-web-templates vulnerable to Eval Injection
Critical
CVE-2023-29512
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration
Critical
CVE-2023-29514
was published
for
org.xwiki.platform.applications:xwiki-application-administration
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical
CVE-2023-29516
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles
Critical
CVE-2023-29523
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
ProTip!
Advisories are also available from the
GraphQL API