GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
702 advisories
Filter by severity
Jeecg Boot SQL Injection
Critical
CVE-2023-41543
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
Jeecg Boot SQL injection vulnerability
Critical
CVE-2023-41542
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
JeecgBoot server-side template injection
Critical
CVE-2023-41544
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Critical
CVE-2023-24456
was published
for
org.jenkins-ci.plugins:keycloak
(Maven)
Jan 26, 2023
Improper implementation of the session fixation protection in Infinispan
Critical
CVE-2019-10158
was published
for
org.infinispan:infinispan-core
(Maven)
Jan 21, 2020
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
hyavijava stack overflow vulnerability
Critical
CVE-2023-51084
was published
for
com.github:hyavijava
(Maven)
Dec 27, 2023
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
Critical
CVE-2017-12611
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Path Traversal in Apache Struts
Critical
CVE-2016-6795
was published
for
org.apache.struts:struts2-convention-plugin
(Maven)
May 14, 2022
Apache Struts improper action name cleanup
Critical
CVE-2016-4436
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Sandbox escape in Jenkins Email Extension Plugin
Critical
CVE-2023-25765
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
Feb 15, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
Apache InLong Manager Remote Code Execution vulnerability
Critical
CVE-2023-51784
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Critical
CVE-2016-3087
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Improper Access Control in SLF4J
Critical
CVE-2018-8088
was published
for
org.slf4j:slf4j-ext
(Maven)
May 13, 2022
Arbitrary code execution in Apache Struts 2
Critical
CVE-2016-4438
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Remote Code Execution in Apache Struts
Critical
CVE-2016-3082
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical
CVE-2019-10328
was published
for
org.jenkins-ci.plugins:workflow-remote-loader
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer
Critical
CVE-2017-3202
was published
for
com.exadel.flamingo.flex:amf-serializer
(Maven)
May 13, 2022
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21691
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2018-1000861
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21695
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Script security sandbox bypass in Jenkins Job DSL Plugin
Critical
CVE-2019-1003034
was published
for
org.jenkins-ci.plugins:job-dsl
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API