GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
724 advisories
Filter by severity
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro-parent
(Maven)
Oct 3, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Deserialization vulnerability in Helix workflow and REST
Critical
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
SQL injection in audit endpoint
Critical
CVE-2023-35088
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 25, 2023
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
DataEase's H2 datasource has a remote command execution risk
Critical
CVE-2024-46997
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
hermes-management is vulnerable to RCE due to Apache commons-jxpath
Critical
GHSA-2gh6-wc3m-g37f
was published
for
pl.allegro.tech.hermes:hermes-management
(Maven)
Sep 17, 2024
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
Apache DolphinScheduler vulnerable to Improper Input Validation
Critical
CVE-2022-45875
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Jan 4, 2023
Jeecg Boot SQL injection vulnerability
Critical
CVE-2023-41542
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
FitNesse allows execution of arbitrary OS commands
Critical
CVE-2024-28125
was published
for
org.fitnesse:fitnesse
(Maven)
Mar 18, 2024
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
Remote Code Execution in Apache Dolphinscheduler
Critical
CVE-2023-49109
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
nGrinder vulnerable to unsafe Java objects deserialization
Critical
CVE-2024-28213
was published
for
org.ngrinder:ngrinder-core
(Maven)
Mar 7, 2024
ProTip!
Advisories are also available from the
GraphQL API