GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Remote Code Execution in esigate-core
Critical
CVE-2018-1000854
was published
for
org.esigate:esigate-core
(Maven)
Dec 21, 2018
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
High
CVE-2019-17513
was published
for
io.ratpack:ratpack-core
(Maven)
Oct 21, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
Server side template injection in Apache Camel
High
CVE-2020-11994
was published
for
org.apache.camel:camel-robotframework
(Maven)
Jul 29, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
Template injection in cron-utils
Critical
CVE-2020-26238
was published
for
com.cronutils:cron-utils
(Maven)
Nov 24, 2020
Server-Side Template Injection
High
CVE-2020-26282
was published
for
com.browserup:browserup-proxy
(Maven)
Dec 24, 2020
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Command injection in Apache Flink
Moderate
CVE-2020-1960
was published
for
org.apache.flink:flink-core
(Maven)
May 21, 2021
Command injection in Apache Unomi
High
CVE-2021-31164
was published
for
org.apache.unomi:unomi
(Maven)
Jun 16, 2021
Injection in Apache Syncope
High
CVE-2020-1961
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
HTTP header injection in Sonatype Nexus Repository
High
CVE-2021-40143
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
Sep 8, 2021
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
Expression injection in AviatorScript
Critical
CVE-2021-41862
was published
for
com.googlecode.aviator:aviator
(Maven)
Oct 4, 2021
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High
CVE-2020-35213
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
ProTip!
Advisories are also available from the
GraphQL API