GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core
(Maven)
Nov 1, 2022
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
DataEase's H2 datasource has a remote command execution risk
Critical
CVE-2024-46997
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Expression injection in AviatorScript
Critical
CVE-2021-41862
was published
for
com.googlecode.aviator:aviator
(Maven)
Oct 4, 2021
Apache Derby: LDAP injection vulnerability in authenticator
Critical
CVE-2022-46337
was published
for
org.apache.derby:derby
(Maven)
Nov 20, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
XWiki Platform vulnerable to Code Injection in icon themes
Critical
CVE-2023-36470
was published
for
org.xwiki.platform:xwiki-platform-icon-default
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical
CVE-2023-36469
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Jun 30, 2023
Code injection via unescaped translations in xwiki-platform
Critical
CVE-2023-29510
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Apr 19, 2023
ThingsBoard Server-Side Template Injection
High
CVE-2023-45303
was published
for
org.thingsboard:thingsboard
(Maven)
Oct 6, 2023
Remote Code Execution for 2.4.1 and earlier
Critical
CVE-2023-36812
was published
for
net.opentsdb:opentsdb
(Maven)
Jun 30, 2023
Apache Ranger code execution vulnerability in policy expressions
High
CVE-2022-45048
was published
for
org.apache.ranger:ranger
(Maven)
Jul 6, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
Apache StreamPark LDAP Injection vulnerability
Moderate
CVE-2022-45801
was published
for
org.apache.streampark:streampark
(Maven)
May 1, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
ProTip!
Advisories are also available from the
GraphQL API