GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
High
CVE-2019-17513
was published
for
io.ratpack:ratpack-core
(Maven)
Oct 21, 2019
Injection in Jolokia agent
High
CVE-2018-1000130
was published
for
org.jolokia:jolokia-core
(Maven)
May 14, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
Remote code execution in xwiki-platform
High
CVE-2022-23616
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Feb 9, 2022
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
Server side template injection in Apache Camel
High
CVE-2020-11994
was published
for
org.apache.camel:camel-robotframework
(Maven)
Jul 29, 2020
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Server-Side Template Injection
High
CVE-2020-26282
was published
for
com.browserup:browserup-proxy
(Maven)
Dec 24, 2020
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Injection in Apache Syncope
High
CVE-2020-1961
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Command injection in Apache Unomi
High
CVE-2021-31164
was published
for
org.apache.unomi:unomi
(Maven)
Jun 16, 2021
HTTP header injection in Sonatype Nexus Repository
High
CVE-2021-40143
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
Sep 8, 2021
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High
CVE-2020-35213
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Command injection in Apache Sling
High
CVE-2023-25141
was published
for
org.apache.sling:org.apache.sling.jcr.base
(Maven)
Feb 14, 2023
Opencast RCE Vulnerability
High
CVE-2017-1000217
was published
for
org.opencastproject:base
(Maven)
May 14, 2022
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High
CVE-2023-29518
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High
CVE-2023-29521
was published
for
org.xwiki.platform:xwiki-platform-vfs-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High
CVE-2023-29522
was published
for
org.xwiki.platform:xwiki-platform-xclass-ui
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High
CVE-2023-29519
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
Apache Ranger code execution vulnerability in policy expressions
High
CVE-2022-45048
was published
for
org.apache.ranger:ranger
(Maven)
Jul 6, 2023
ThingsBoard Server-Side Template Injection
High
CVE-2023-45303
was published
for
org.thingsboard:thingsboard
(Maven)
Oct 6, 2023
ProTip!
Advisories are also available from the
GraphQL API