Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,780
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

703 advisories

Loading
Improper Restriction of XML External Entity Reference in MPXJ Critical
CVE-2020-25020 was published for net.sf.mpxj:mpxj (Maven) May 7, 2021
Apache Dubbo vulnerable to remote code execution via Telnet Handler Critical
CVE-2021-32824 was published for org.apache.dubbo:dubbo-parent (Maven) Jan 3, 2023
Apache Pinot has Groovy Function support enabled by default Critical
CVE-2022-26112 was published for org.apache.pinot:pinot (Maven) Sep 25, 2022
Besu VM vulnerable to gas allocation error in CALL operations Critical
CVE-2022-36025 was published for org.hyperledger.besu:evm (Maven) Sep 23, 2022
holiman
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
Mingsoft MCMS vulnerable to SQL Injection Critical
CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) Dec 9, 2022
SQL injection in net.mingsoft:ms-mcms Critical
CVE-2022-23899 was published for net.mingsoft:ms-mcms (Maven) Mar 4, 2022
SQL injection in net.mingsoft:ms-mcms Critical
CVE-2022-23898 was published for net.mingsoft:ms-mcms (Maven) Mar 4, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37199 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
Template injection in thymeleaf-spring5 Critical
CVE-2021-43466 was published for org.thymeleaf:thymeleaf-spring5 (Maven) Nov 10, 2021
SQL injection in jflyfox jfinal Critical
CVE-2022-37223 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List Critical
CVE-2022-36599 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter Critical
CVE-2022-36272 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
QOS.ch Logback vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-5929 was published for ch.qos.logback:logback-classic (Maven) Jun 7, 2021
SQL Injection in odata4j Critical
CVE-2016-11023 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
SQL Injection in odata4j Critical
CVE-2016-11024 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution Critical
CVE-2022-23463 was published for com.nepxion:discovery (Maven) Sep 25, 2022
Grails framework Remote Code Execution via Data Binding Critical
CVE-2022-35912 was published for org.grails:grails-databinding (Maven) Jul 21, 2022
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2 Critical
CVE-2015-8031 was published for org.jvnet.hudson.main:hudson-core (Maven) Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API