GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
71 advisories
Filter by severity
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
Remote Code Execution in Apache Dolphinscheduler
Critical
CVE-2023-49109
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Apache Dolphinscheduler Code Injection vulnerability
Critical
CVE-2024-43202
was published
for
org.apache.dolphinscheduler:dolphinscheduler-task-api
(Maven)
Aug 20, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Remote code execution in Apache ActiveMQ
Critical
CVE-2020-11998
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
Critical
CVE-2023-39018
was published
for
net.bramp.ffmpeg:ffmpeg
(Maven)
Jul 28, 2023
•
withdrawn
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Beetl Server-Side Template Injection vulnerability
Critical
CVE-2024-22533
was published
for
com.ibeetl:beetl-core
(Maven)
Feb 2, 2024
Apache Derby: LDAP injection vulnerability in authenticator
Critical
CVE-2022-46337
was published
for
org.apache.derby:derby
(Maven)
Nov 20, 2023
Arbitrary code execution in Apache Commons Text
Critical
CVE-2022-42889
was published
for
com.guicedee.services:commons-text
(Maven)
Oct 13, 2022
XWiki Remote Code Execution Vulnerability via User Registration
Critical
CVE-2024-21650
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jan 8, 2024
JeecgBoot server-side template injection
Critical
CVE-2023-41544
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
Apache InLong Manager Remote Code Execution vulnerability
Critical
CVE-2023-51784
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Remote code execution/programming rights with configuration section from any user account
Critical
CVE-2023-50723
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
Remote code execution from account through SearchAdmin
Critical
CVE-2023-50721
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Dec 16, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical
CVE-2023-48887
was published
for
org.jupiter-rpc:jupiter-rpc
(Maven)
Dec 2, 2023
ProTip!
Advisories are also available from the
GraphQL API