GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
ThingsBoard Server-Side Template Injection
High
CVE-2023-45303
was published
for
org.thingsboard:thingsboard
(Maven)
Oct 6, 2023
Apache Ranger code execution vulnerability in policy expressions
High
CVE-2022-45048
was published
for
org.apache.ranger:ranger
(Maven)
Jul 6, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High
CVE-2023-29522
was published
for
org.xwiki.platform:xwiki-platform-xclass-ui
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High
CVE-2023-29519
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High
CVE-2023-29518
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High
CVE-2023-29521
was published
for
org.xwiki.platform:xwiki-platform-vfs-ui
(Maven)
Apr 20, 2023
Opencast RCE Vulnerability
High
CVE-2017-1000217
was published
for
org.opencastproject:base
(Maven)
May 14, 2022
Command injection in Apache Sling
High
CVE-2023-25141
was published
for
org.apache.sling:org.apache.sling.jcr.base
(Maven)
Feb 14, 2023
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High
CVE-2020-35213
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
HTTP header injection in Sonatype Nexus Repository
High
CVE-2021-40143
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
Sep 8, 2021
Command injection in Apache Unomi
High
CVE-2021-31164
was published
for
org.apache.unomi:unomi
(Maven)
Jun 16, 2021
Injection in Apache Syncope
High
CVE-2020-1961
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Server-Side Template Injection
High
CVE-2020-26282
was published
for
com.browserup:browserup-proxy
(Maven)
Dec 24, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
Server side template injection in Apache Camel
High
CVE-2020-11994
was published
for
org.apache.camel:camel-robotframework
(Maven)
Jul 29, 2020
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
ProTip!
Advisories are also available from the
GraphQL API