GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,001
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
DataEase's H2 datasource has a remote command execution risk
Critical
CVE-2024-46997
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Apache Derby: LDAP injection vulnerability in authenticator
Critical
CVE-2022-46337
was published
for
org.apache.derby:derby
(Maven)
Nov 20, 2023
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
ThingsBoard Server-Side Template Injection
High
CVE-2023-45303
was published
for
org.thingsboard:thingsboard
(Maven)
Oct 6, 2023
Code injection in Duke
Critical
CVE-2023-39013
was published
for
no.priv.garshol.duke:duke
(Maven)
Jul 28, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
Apache Ranger code execution vulnerability in policy expressions
High
CVE-2022-45048
was published
for
org.apache.ranger:ranger
(Maven)
Jul 6, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
Remote Code Execution for 2.4.1 and earlier
Critical
CVE-2023-36812
was published
for
net.opentsdb:opentsdb
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical
CVE-2023-36469
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes
Critical
CVE-2023-36470
was published
for
org.xwiki.platform:xwiki-platform-icon-default
(Maven)
Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
Apache StreamPark LDAP Injection vulnerability
Moderate
CVE-2022-45801
was published
for
org.apache.streampark:streampark
(Maven)
May 1, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Critical
CVE-2023-29525
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet
Critical
CVE-2023-29527
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Critical
CVE-2023-29524
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles
Critical
CVE-2023-29523
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High
CVE-2023-29522
was published
for
org.xwiki.platform:xwiki-platform-xclass-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High
CVE-2023-29521
was published
for
org.xwiki.platform:xwiki-platform-vfs-ui
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High
CVE-2023-29519
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High
CVE-2023-29518
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Apr 20, 2023
ProTip!
Advisories are also available from the
GraphQL API