GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
117 advisories
Filter by severity
Apache Syncope JEXL Code Injection
Moderate
CVE-2014-0111
was published
for
org.apache.syncope:syncope
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts
High
CVE-2013-1966
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Improper Control of Generation of Code in Apache Struts
High
CVE-2013-1965
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Improper Control of Generation of Code in Apache Camel
Moderate
CVE-2013-4330
was published
for
org.apache.camel:camel-core
(Maven)
May 13, 2022
Richfaces vulnerable to arbitrary code execution
Critical
CVE-2018-14667
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Code injection in Apache Struts
High
CVE-2013-2115
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 13, 2022
Apache Tomcat Unrestricted file upload vulnerability
Moderate
CVE-2013-4444
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Improper Control of Generation of Code in Apache Kafka
Moderate
CVE-2018-1288
was published
for
org.apache.kafka:kafka
(Maven)
May 13, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Robocode Arbitrary Code Execution
Moderate
CVE-2007-6382
was published
for
net.sf.robocode:robocode.core
(Maven)
May 1, 2022
Mortbay Jetty CRLF Injection Vulnerability
Moderate
CVE-2007-5615
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Struts ParameterInterceptor vulnerability allows remote command execution
Critical
CVE-2011-3923
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 22, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Code injection in Apache Dubbo
Critical
CVE-2021-30180
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 18, 2022
Code injection in Apache Dubbo
Critical
CVE-2021-30181
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Remote code execution in Apache ActiveMQ
Critical
CVE-2020-11998
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Code injection in ShenYu
Critical
CVE-2021-45029
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Code injection in spring-cloud-netflix-hystrix-dashboard
High
CVE-2021-22053
was published
for
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard
(Maven)
Nov 23, 2021
Critical vulnerability found in cron-utils
Critical
CVE-2021-41269
was published
for
com.cronutils:cron-utils
(Maven)
Nov 15, 2021
ProTip!
Advisories are also available from the
GraphQL API