Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Remote Code Execution in Apache Struts Critical
CVE-2016-3082 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 17, 2022
Pebble Templates Improper Input Validation vulnerability Critical
CVE-2019-19899 was published for io.pebbletemplates:pebble-project (Maven) May 24, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
MySQL JDBC deserialization vulnerability Critical
CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022
aboutbo
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
Apache DolphinScheduler vulnerable to Improper Input Validation Critical
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation Critical
CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) May 15, 2023
Apache StreamPark Improper Input Validation vulnerability Critical
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven) Jul 6, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
ProTip! Advisories are also available from the GraphQL API