Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Apache Inlong Code Injection vulnerability High
CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) Aug 2, 2024
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Code injection in mingSoft MCMS High
CVE-2023-51282 was published for net.mingsoft:ms-mcms (Maven) Jan 16, 2024
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action High
CVE-2023-46243 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet High
CVE-2023-37909 was published for org.xwiki.platform:xwiki-platform-menu (Maven) Oct 25, 2023
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
exceptionfactory
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled High
CVE-2023-32697 was published for org.xerial:sqlite-jdbc (Maven) May 23, 2023
4390c336
Spring Boot Admins integrated notifier support allows arbitrary code execution High
CVE-2022-46166 was published for de.codecentric:spring-boot-admin (Maven) Dec 9, 2022
Tim-Conrad
Code injection via property expansion in SoapUI High
CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven) May 17, 2022
q5438722
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Improper Control of Generation of Code in Apache Struts High
CVE-2013-1965 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ MarkLee131
Arbitrary code execution in Apache Struts High
CVE-2013-1966 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API