GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
698 advisories
Filter by severity
Besu VM vulnerable to gas allocation error in CALL operations
Critical
CVE-2022-36025
was published
for
org.hyperledger.besu:evm
(Maven)
Sep 23, 2022
Apache Pinot has Groovy Function support enabled by default
Critical
CVE-2022-26112
was published
for
org.apache.pinot:pinot
(Maven)
Sep 25, 2022
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
Improper Restriction of XML External Entity Reference in MPXJ
Critical
CVE-2020-25020
was published
for
net.sf.mpxj:mpxj
(Maven)
May 7, 2021
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Apache Shiro Authentication Bypass vulnerability
Critical
CVE-2022-40664
was published
for
org.apache.shiro:shiro-core
(Maven)
Oct 12, 2022
RichFaces vulnerable to Expression Language Injection
Critical
CVE-2018-12532
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Arbitrary code execution in Richfaces
Critical
CVE-2018-12533
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Apache Geode unsafe deserialization in TcpServer
Critical
CVE-2017-15692
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical
CVE-2022-39387
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Nov 4, 2022
Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
Critical
CVE-2021-46386
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Command injection in Apache DolphinScheduler Alert Plugins
Critical
CVE-2022-45462
was published
for
org.apache.dolphinscheduler:dolphinscheduler-alert-plugins
(Maven)
Nov 23, 2022
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Critical
CVE-2021-22160
was published
for
org.apache.pulsar:pulsar
(Maven)
Jun 1, 2021
Apache NiFi XSS issue in context path handling
Critical
CVE-2017-15697
was published
for
org.apache.nifi:nifi
(Maven)
May 14, 2022
Exposure of Sensitive Information in Jenkins Core
Critical
CVE-2016-0791
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Injection in Apache NiFi
Critical
CVE-2017-5636
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Code injection in quarkus dev ui config editor
Critical
CVE-2022-4116
was published
for
io.quarkus:quarkus-vertx-http-deployment
(Maven)
Nov 22, 2022
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
Dataease v1.11.1 SQL Injection via parameter dataSourceId
Critical
CVE-2022-34115
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
MySQL JDBC deserialization vulnerability
Critical
CVE-2022-39312
was published
for
io.dataease:dataease-plugin-common
(Maven)
Oct 18, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
Apache Solr Improper Input Validation and Path Traversal
Critical
CVE-2021-44548
was published
for
org.apache.solr:solr-parent
(Maven)
Jan 6, 2022
Serialization vulnerability in Apache Tapestry
Critical
CVE-2020-17531
was published
for
org.apache.tapestry:tapestry-project
(Maven)
Feb 9, 2022
fs2-io skips mTLS client verification
Critical
CVE-2022-31183
was published
for
co.fs2:fs2-io
(Maven)
Jul 29, 2022
ProTip!
Advisories are also available from the
GraphQL API