GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
719 advisories
Filter by severity
Duplicate Advisory: SQL injection in pgjdbc
Critical
GHSA-xfg6-62px-cxc2
was published
for
org.postgresql:postgresql
(Maven)
Feb 19, 2024
•
withdrawn
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
XXL-JOB contains a Command execution vulnerability in background tasks
Critical
CVE-2022-40929
was published
for
com.xuxueli:xxl-job-core
(Maven)
Sep 29, 2022
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Remote code execution in DolphinScheduler
Critical
CVE-2020-11974
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 9, 2022
Central Dogma Authentication Bypass Vulnerability via Session Leakage
Critical
CVE-2024-1143
was published
for
com.linecorp.centraldogma:centraldogma-server
(Maven)
Feb 2, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
XWiki Platform remote code execution from account through UIExtension parameters
Critical
CVE-2024-31997
was published
for
org.xwiki.platform:xwiki-platform-uiextension-api
(Maven)
Apr 10, 2024
Credential leak in org.apache.directory.api:apache-ldap-api
Critical
CVE-2018-1337
was published
for
org.apache.directory.api:apache-ldap-api
(Maven)
Nov 9, 2018
SQL Injection in hive-jdbc
Critical
CVE-2018-1282
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Critical
CVE-2018-1295
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Expected Behavior Violation in Apache Tomcat
Critical
CVE-2017-5651
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Critical
CVE-2016-6809
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API