Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

71 advisories

Loading
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical
CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
Code injection in stanford-parser Critical
CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023
aikebah
Remote Code Execution in Apache Dolphinscheduler Critical
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor> Critical
CVE-2023-39018 was published for net.bramp.ffmpeg:ffmpeg (Maven) Jul 28, 2023 withdrawn
Improperly Implemented Security Check for Standard in org.springframework:spring-core Critical
CVE-2018-1275 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Beetl Server-Side Template Injection vulnerability Critical
CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024
yoshizawa-masatoshi
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
Arbitrary code execution in Apache Commons Text Critical
CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) Oct 13, 2022
XWiki Remote Code Execution Vulnerability via User Registration Critical
CVE-2024-21650 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Jan 8, 2024
JeecgBoot server-side template injection Critical
CVE-2023-41544 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Apache InLong Manager Remote Code Execution vulnerability Critical
CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Remote code execution/programming rights with configuration section from any user account Critical
CVE-2023-50723 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Remote code execution from account through SearchAdmin Critical
CVE-2023-50721 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Dec 16, 2023
HtmlUnit Code Injection vulnerability Critical
CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven) Jul 6, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request Critical
CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) Dec 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database