Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal Critical
CVE-2017-12611 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Improper Input Validation in alilibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Remote code execution in Apache Commons Configuration Critical
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) May 21, 2020
keycloak Self Stored Cross-site Scripting vulnerability Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
Policies not properly enforced in OWASP Java HTML Sanitizer Critical
CVE-2021-42575 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Oct 19, 2021
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Injection and Improper Input Validation in Apache Unomi Critical
CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022
Remote code execution in PATCH requests in Spring Data REST Critical
CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022
Improper Input Validation in JGroups Critical
CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022
sharonbz
Hostname verification in Apache HttpClient 4.3 was disabled by default Critical
CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) May 13, 2022
briandealwis MarkLee131
Code execution in Apache Struts 1 plugin Critical
CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) May 13, 2022
Improper Input Validation in Spring AMQP Critical
CVE-2016-2173 was published for org.springframework.amqp:spring-amqp (Maven) May 13, 2022
Improper Input Validation in Apache ActiveMQ Critical
CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) May 13, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Apache NiFi XSS issue in context path handling Critical
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database