GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,544
NuGet
619
pip
3,128
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+
702 advisories
Filter by severity
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Critical
CVE-2019-3773
was published
for
org.springframework.ws:spring-ws
(Maven)
Jan 25, 2019
SpEL Injection in Spring Data MongoDB
Critical
CVE-2022-22980
was published
for
org.springframework.data:spring-data-mongodb
(Maven)
Jun 24, 2022
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2
Critical
CVE-2015-8031
was published
for
org.jvnet.hudson.main:hudson-core
(Maven)
Jul 15, 2022
Timing attack on HMAC signature comparison in Apache Tapestry
Critical
CVE-2019-10071
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Sep 26, 2019
Unrestricted Upload of File with Dangerous Type in MCMS
Critical
CVE-2022-31943
was published
for
net.mingsoft:ms-mcms
(Maven)
Jul 2, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
Grails framework Remote Code Execution via Data Binding
Critical
CVE-2022-35912
was published
for
org.grails:grails-databinding
(Maven)
Jul 21, 2022
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Critical
CVE-2022-23463
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Critical
CVE-2019-0230
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 2, 2021
Autobinding vulnerability in MITREid Connect
Critical
CVE-2021-27582
was published
for
org.mitre:openid-connect-parent
(Maven)
May 13, 2021
SQL Injection in odata4j
Critical
CVE-2016-11024
was published
for
org.odata4j:odata4j-core
(Maven)
May 7, 2021
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-5929
was published
for
ch.qos.logback:logback-classic
(Maven)
Jun 7, 2021
SQL Injection in odata4j
Critical
CVE-2016-11023
was published
for
org.odata4j:odata4j-core
(Maven)
May 7, 2021
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter
Critical
CVE-2022-36272
was published
for
net.mingsoft:ms-mcms
(Maven)
Aug 17, 2022
Remote code execution in Apache Flume
Critical
CVE-2022-34916
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Aug 22, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Critical
CVE-2022-36599
was published
for
net.mingsoft:ms-mcms
(Maven)
Aug 17, 2022
SQL injection in jflyfox jfinal
Critical
CVE-2022-37223
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
Template injection in thymeleaf-spring5
Critical
CVE-2021-43466
was published
for
org.thymeleaf:thymeleaf-spring5
(Maven)
Nov 10, 2021
SQL injection in jflyfox jfinal
Critical
CVE-2022-37199
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
SQL injection in net.mingsoft:ms-mcms
Critical
CVE-2022-23898
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 4, 2022
SQL injection in net.mingsoft:ms-mcms
Critical
CVE-2022-23899
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 4, 2022
Mingsoft MCMS vulnerable to SQL Injection
Critical
CVE-2022-4375
was published
for
net.mingsoft:ms-mcms
(Maven)
Dec 9, 2022
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
Besu VM vulnerable to gas allocation error in CALL operations
Critical
CVE-2022-36025
was published
for
org.hyperledger.besu:evm
(Maven)
Sep 23, 2022
ProTip!
Advisories are also available from the
GraphQL API