GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
117 advisories
Filter by severity
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Critical
CVE-2023-46242
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 7, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
High
CVE-2023-37909
was published
for
org.xwiki.platform:xwiki-platform-menu
(Maven)
Oct 25, 2023
Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical
CVE-2022-24816
was published
for
it.geosolutions.jaiext.jiffle:jt-jiffle
(Maven)
Sep 19, 2023
hson-java vulnerable to denial of service
High
CVE-2023-39685
was published
for
org.hjson:hjson
(Maven)
Sep 1, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter
High
CVE-2023-40826
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
High
CVE-2023-40828
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter
High
CVE-2023-40827
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Critical
CVE-2023-37914
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Aug 18, 2023
Alluxio vulnerable to arbitrary code execution
Critical
CVE-2023-38889
was published
for
org.alluxio:alluxio-parent
(Maven)
Aug 15, 2023
Apache NiFi Code Injection vulnerability
High
CVE-2023-36542
was published
for
org.apache.nifi:nifi-cdc-mysql-bundle
(Maven)
Jul 29, 2023
Code injection in webmagic-core
Critical
CVE-2023-39015
was published
for
us.codecraft:webmagic-core
(Maven)
Jul 28, 2023
Code injection in wix-embedded-mysql
Critical
CVE-2023-39021
was published
for
com.wix:wix-embedded-mysql
(Maven)
Jul 28, 2023
Code injection in BoofCV
Critical
CVE-2023-39010
was published
for
org.boofcv:boofcv-core
(Maven)
Jul 28, 2023
Code injection in oscore
Critical
CVE-2023-39022
was published
for
opensymphony:oscore
(Maven)
Jul 28, 2023
Code injection in Duke
Critical
CVE-2023-39013
was published
for
no.priv.garshol.duke:duke
(Maven)
Jul 28, 2023
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
Critical
CVE-2023-39018
was published
for
net.bramp.ffmpeg:ffmpeg
(Maven)
Jul 28, 2023
•
withdrawn
RocketMQ NameServer component Code Injection vulnerability
Critical
CVE-2023-37582
was published
for
org.apache.rocketmq:rocketmq-namesrv
(Maven)
Jul 12, 2023
Apache RocketMQ may have remote code execution vulnerability when using update configuration function
Critical
CVE-2023-33246
was published
for
org.apache.rocketmq:rocketmq-broker
(Maven)
Jul 6, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Critical
CVE-2023-35152
was published
for
org.xwiki.platform:xwiki-platform-like-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Critical
CVE-2023-35150
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Jun 20, 2023
Apache NiFi vulnerable to Code Injection
High
CVE-2023-34468
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Jun 12, 2023
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
High
CVE-2023-32697
was published
for
org.xerial:sqlite-jdbc
(Maven)
May 23, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
Critical
CVE-2023-30537
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API