GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Remote Code Execution in esigate-core
Critical
CVE-2018-1000854
was published
for
org.esigate:esigate-core
(Maven)
Dec 21, 2018
Code injection in MCMS
Critical
CVE-2022-30506
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Remote code execution in Apache Flume
Critical
CVE-2022-34916
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Aug 22, 2022
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
Injection in Apache NiFi
Critical
CVE-2017-5636
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Code injection in quarkus dev ui config editor
Critical
CVE-2022-4116
was published
for
io.quarkus:quarkus-vertx-http-deployment
(Maven)
Nov 22, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
Code injection in Apache Commons Configuration
Critical
CVE-2022-33980
was published
for
org.apache.commons:commons-configuration2
(Maven)
Jul 7, 2022
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
Template injection in cron-utils
Critical
CVE-2020-26238
was published
for
com.cronutils:cron-utils
(Maven)
Nov 24, 2020
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Server Side Template Injection in MCMS
Critical
CVE-2021-46063
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 19, 2022
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical
CVE-2023-25613
was published
for
org.apache.kerby:ldap-backend
(Maven)
Feb 20, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical
CVE-2023-27479
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Mar 8, 2023
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
xwiki-platform-web-templates vulnerable to Eval Injection
Critical
CVE-2023-29512
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet
Critical
CVE-2023-29527
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Critical
CVE-2023-29524
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical
CVE-2023-29516
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles
Critical
CVE-2023-29523
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Critical
CVE-2023-29525
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration
Critical
CVE-2023-29514
was published
for
org.xwiki.platform.applications:xwiki-application-administration
(Maven)
Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
Code injection in Duke
Critical
CVE-2023-39013
was published
for
no.priv.garshol.duke:duke
(Maven)
Jul 28, 2023
ProTip!
Advisories are also available from the
GraphQL API