Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

728 advisories

Loading
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter Critical
CVE-2023-37913 was published for org.xwiki.platform:xwiki-platform-office-importer (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Sureness uses hardcoded key Critical
CVE-2023-31581 was published for com.usthe.sureness:sureness-core (Maven) Oct 25, 2023
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
Authorization Bypass in Apache InLong Critical
CVE-2023-43668 was published for org.apache.inlong:manager-pojo (Maven) Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131
Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0
hutool Buffer Overflow vulnerability Critical
CVE-2023-42277 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
hutool Buffer Overflow vulnerability Critical
CVE-2023-42276 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
Jeecg boot SQL Injection vulnerability Critical
CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution Critical
CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven) Aug 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database