GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
127 advisories
Filter by severity
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Critical
CVE-2018-1270
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
High
CVE-2019-0222
was published
for
org.apache.activemq:activemq-client
(Maven)
Apr 2, 2019
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
XML External Entity (XXE) Injection in Apache Solr
High
CVE-2019-0193
was published
for
org.apache.solr:solr-core
(Maven)
Aug 1, 2019
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Code execution vulnerability in HtmlUnit
High
CVE-2020-5529
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
May 21, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
Script injection without script or programming rights through Gadget titles
High
CVE-2021-32621
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Template injection in thymeleaf-spring5
Critical
CVE-2021-43466
was published
for
org.thymeleaf:thymeleaf-spring5
(Maven)
Nov 10, 2021
Critical vulnerability found in cron-utils
Critical
CVE-2021-41269
was published
for
com.cronutils:cron-utils
(Maven)
Nov 15, 2021
Code injection in spring-cloud-netflix-hystrix-dashboard
High
CVE-2021-22053
was published
for
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard
(Maven)
Nov 23, 2021
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Code injection in ShenYu
Critical
CVE-2021-45029
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Remote code execution in Apache ActiveMQ
Critical
CVE-2020-11998
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
ProTip!
Advisories are also available from the
GraphQL API