GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
739 advisories
Filter by severity
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
XWiki allows RCE from script right in configurable sections
Critical
CVE-2024-55879
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical
CVE-2024-55877
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
Critical
CVE-2024-25610
was published
for
com.liferay.portal:com.liferay.portal.web
(Maven)
Feb 20, 2024
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
Duplicate Advisory: Querydsl SQL/HQL injection
Critical
GHSA-wpvf-5mc3-hv6m
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
•
withdrawn
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Apache Tomcat - Authentication Bypass
Critical
CVE-2024-52316
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Nov 18, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
Eclipse Parsson stack overflow when parsing deeply nested input
Critical
CVE-2023-7272
was published
for
org.eclipse.parsson:parsson
(Maven)
Jul 17, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability
Critical
CVE-2023-27602
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Apache StreamPark Path Traversal vulnerability
Critical
CVE-2022-45802
was published
for
org.apache.streampark:streampark-common_2.11
(Maven)
Jul 6, 2023
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API