Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

728 advisories

Loading
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2 Critical
CVE-2015-8031 was published for org.jvnet.hudson.main:hudson-core (Maven) Jul 15, 2022
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml Critical
CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven) Jan 25, 2019
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
Apache Camel Netty enables Java deserialization by default Critical
CVE-2020-11973 was published for org.apache.camel:camel-netty (Maven) May 21, 2020
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
Improper Restriction of XML External Entity Reference in Stanford CoreNLP Critical
CVE-2021-3878 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Expression Language Injection in Apache Struts Critical
CVE-2021-31805 was published for org.apache.struts:struts2-core (Maven) Apr 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Liquibase Critical
CVE-2022-0839 was published for org.liquibase:liquibase-core (Maven) Mar 5, 2022
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting Critical
CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) Sep 16, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for rg.mule.modules:mule-apikit-module (Maven) May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Unescaped control characters in Gitblit Critical
CVE-2022-31267 was published for com.gitblit:gitblit (Maven) May 22, 2022
dom4j allows External Entities by default which might enable XXE attacks Critical
CVE-2020-10683 was published for dom4j:dom4j (Maven) Jun 5, 2020
Deserialization of Untrusted Data in Spring AMQP Critical
CVE-2017-8045 was published for org.springframework.amqp:spring-amqp (Maven) May 17, 2022
Neo4j Graph Database vulnerable to Path Traversal Critical
CVE-2021-42767 was published for org.neo4j.procedure:apoc (Maven) Feb 1, 2022
ngrodum
Improper Restriction of Recursive Entity References in Apache XMLBeans Critical
CVE-2021-23926 was published for org.apache.xmlbeans:xmlbeans (Maven) Jun 16, 2021
Deserialization of Untrusted Data in JYaml Critical
CVE-2020-8441 was published for org.jyaml:jyaml (Maven) May 24, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database