Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
Code execution vulnerability in HtmlUnit High
CVE-2020-5529 was published for net.sourceforge.htmlunit:htmlunit (Maven) May 21, 2020
OpenNMS vulnerable to remote code execution High
CVE-2023-40313 was published for org.opennms:opennms-base-assembly (Maven) Aug 17, 2023
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical
CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader Moderate
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
Code injection in stanford-parser Critical
CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023
aikebah
Remote Code Execution in Apache Dolphinscheduler Critical
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Apache Inlong Code Injection vulnerability High
CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) Aug 2, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
XML External Entity (XXE) Injection in Apache Solr High
CVE-2019-0193 was published for org.apache.solr:solr-core (Maven) Aug 1, 2019
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database