GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
123 advisories
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
Beetl Server-Side Template Injection vulnerability
Critical
CVE-2024-22533
was published
for
com.ibeetl:beetl-core
(Maven)
Feb 2, 2024
ProTip!
Advisories are also available from the
GraphQL API