GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Code injection in spring-cloud-netflix-hystrix-dashboard
High
CVE-2021-22053
was published
for
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard
(Maven)
Nov 23, 2021
Spring Boot Admins integrated notifier support allows arbitrary code execution
High
CVE-2022-46166
was published
for
de.codecentric:spring-boot-admin
(Maven)
Dec 9, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Script injection without script or programming rights through Gadget titles
High
CVE-2021-32621
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Apache NiFi Code Injection vulnerability
High
CVE-2023-36542
was published
for
org.apache.nifi:nifi-cdc-mysql-bundle
(Maven)
Jul 29, 2023
hson-java vulnerable to denial of service
High
CVE-2023-39685
was published
for
org.hjson:hjson
(Maven)
Sep 1, 2023
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
High
CVE-2023-32697
was published
for
org.xerial:sqlite-jdbc
(Maven)
May 23, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter
High
CVE-2023-40826
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter
High
CVE-2023-40827
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
High
CVE-2023-40828
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
High
CVE-2023-37909
was published
for
org.xwiki.platform:xwiki-platform-menu
(Maven)
Oct 25, 2023
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
High
CVE-2023-46243
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 7, 2023
Code injection via property expansion in SoapUI
High
CVE-2014-1202
was published
for
com.smartbear.soapui:soapui
(Maven)
May 17, 2022
Arbitrary code execution in Apache Struts
High
CVE-2013-1966
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Code injection in Apache Struts
High
CVE-2013-2115
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 13, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2134
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2135
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Code injection in Apache Struts
High
CVE-2013-4316
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Code injection in mingSoft MCMS
High
CVE-2023-51282
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 16, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
High
CVE-2023-51770
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Improper Control of Generation of Code in Apache Struts
High
CVE-2013-1965
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API