GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
123 advisories
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Apache NiFi vulnerable to Code Injection
High
CVE-2023-34468
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Jun 12, 2023
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
High
CVE-2019-0222
was published
for
org.apache.activemq:activemq-client
(Maven)
Apr 2, 2019
Remote code execution in Apache ActiveMQ
Critical
CVE-2020-11998
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API