GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Improper Access Control in commons-fileupload
Critical
CVE-2016-1000031
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Improper Access Control in SLF4J
Critical
CVE-2018-8088
was published
for
org.slf4j:slf4j-ext
(Maven)
May 13, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Improper Access Control in Apache Shiro
Critical
CVE-2016-4437
was published
for
org.apache.shiro:shiro-core
(Maven)
May 14, 2022
Apache Ambari Improper Access Control
Critical
CVE-2016-6807
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Critical
CVE-2023-26474
was published
for
org.xwiki.platform:xwiki-platform-legacy-oldcore
(Maven)
Mar 3, 2023
XWiki Platform users may execute anything with superadmin right through comments and async macro
Critical
CVE-2023-26471
was published
for
org.xwiki.platform:xwiki-platform-rendering-async-macro
(Maven)
Mar 3, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Critical
CVE-2023-40573
was published
for
com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
(Maven)
Aug 23, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
ProTip!
Advisories are also available from the
GraphQL API