Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

702 advisories

Loading
XXL-JOB contains a Command execution vulnerability in background tasks Critical
CVE-2022-40929 was published for com.xuxueli:xxl-job-core (Maven) Sep 29, 2022
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Remote code execution in DolphinScheduler Critical
CVE-2020-11974 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 9, 2022
Central Dogma Authentication Bypass Vulnerability via Session Leakage Critical
CVE-2024-1143 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024
minwoox
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
XWiki Platform remote code execution from account through UIExtension parameters Critical
CVE-2024-31997 was published for org.xwiki.platform:xwiki-platform-uiextension-api (Maven) Apr 10, 2024
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
SQL Injection in hive-jdbc Critical
CVE-2018-1282 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization Critical
CVE-2018-1295 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Expected Behavior Violation in Apache Tomcat Critical
CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Exposure of Resource to Wrong Sphere in Apache Tomcat Critical
CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat Critical
CVE-2016-5018 was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven) May 13, 2022
sunSUNQ westonsteimel
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files Critical
CVE-2016-6809 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
MarkLee131
Remote code execution occurs in Apache Solr Critical
CVE-2017-12629 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution Critical
CVE-2024-31996 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support Critical
CVE-2024-31987 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations Critical
CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API