GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
DataEase's H2 datasource has a remote command execution risk
Critical
CVE-2024-46997
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Apache Derby: LDAP injection vulnerability in authenticator
Critical
CVE-2022-46337
was published
for
org.apache.derby:derby
(Maven)
Nov 20, 2023
Code injection in Duke
Critical
CVE-2023-39013
was published
for
no.priv.garshol.duke:duke
(Maven)
Jul 28, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
Remote Code Execution for 2.4.1 and earlier
Critical
CVE-2023-36812
was published
for
net.opentsdb:opentsdb
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical
CVE-2023-36469
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes
Critical
CVE-2023-36470
was published
for
org.xwiki.platform:xwiki-platform-icon-default
(Maven)
Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Critical
CVE-2023-29525
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet
Critical
CVE-2023-29527
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Critical
CVE-2023-29524
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles
Critical
CVE-2023-29523
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical
CVE-2023-29516
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration
Critical
CVE-2023-29514
was published
for
org.xwiki.platform.applications:xwiki-application-administration
(Maven)
Apr 20, 2023
xwiki-platform-web-templates vulnerable to Eval Injection
Critical
CVE-2023-29512
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 20, 2023
Code injection via unescaped translations in xwiki-platform
Critical
CVE-2023-29510
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Apr 19, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical
CVE-2023-27479
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Mar 8, 2023
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical
CVE-2023-25613
was published
for
org.apache.kerby:ldap-backend
(Maven)
Feb 20, 2023
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
Code injection in quarkus dev ui config editor
Critical
CVE-2022-4116
was published
for
io.quarkus:quarkus-vertx-http-deployment
(Maven)
Nov 22, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
Remote code execution in Apache Flume
Critical
CVE-2022-34916
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Aug 22, 2022
ProTip!
Advisories are also available from the
GraphQL API