Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
Apache Inlong Code Injection vulnerability High
CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) Aug 2, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader High
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Code injection in mingSoft MCMS High
CVE-2023-51282 was published for net.mingsoft:ms-mcms (Maven) Jan 16, 2024
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action High
CVE-2023-46243 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet High
CVE-2023-37909 was published for org.xwiki.platform:xwiki-platform-menu (Maven) Oct 25, 2023
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
OpenNMS vulnerable to remote code execution High
CVE-2023-40313 was published for org.opennms:opennms-base-assembly (Maven) Aug 17, 2023
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
exceptionfactory
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled High
CVE-2023-32697 was published for org.xerial:sqlite-jdbc (Maven) May 23, 2023
4390c336
Spring Boot Admins integrated notifier support allows arbitrary code execution High
CVE-2022-46166 was published for de.codecentric:spring-boot-admin (Maven) Dec 9, 2022
Tim-Conrad
Code injection via property expansion in SoapUI High
CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven) May 17, 2022
q5438722
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database