GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
JFinal file validation vulnerability
High
CVE-2019-17352
was published
for
com.jfinal:jfinal
(Maven)
May 25, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High
CVE-2019-16530
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
Arbitrary file write in net.mingsoft:ms-mcms
High
CVE-2022-47042
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 26, 2023
Unrestricted Upload of File with Dangerous Type in Apache Struts2
High
CVE-2012-1592
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 23, 2022
MCMS vulnerable to arbitrary code execution via crafted thumbnail
High
CVE-2020-22755
was published
for
net.mingsoft:ms-mcms
(Maven)
May 8, 2023
mingSoft MCMS File Upload vulnerability
High
CVE-2024-22567
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 5, 2024
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
High
CVE-2023-51444
was published
for
org.geoserver:gs-platform
(Maven)
Mar 20, 2024
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High
CVE-2017-12615
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Unrestricted Upload of File with Dangerous Type Apache Tomcat
High
CVE-2017-12617
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache StreamPipes has potential remote code execution (RCE) via file upload
High
CVE-2024-31411
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API