GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Moderate
CVE-2010-1622
was published
for
org.springframework:spring
(Maven)
May 17, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
ShifuML shifu code injection vulnerability
Moderate
CVE-2023-7148
was published
for
ml.shifu:shifu
(Maven)
Dec 29, 2023
Improper Control of Generation of Code in Apache Camel
Moderate
CVE-2013-4330
was published
for
org.apache.camel:camel-core
(Maven)
May 13, 2022
Robocode Arbitrary Code Execution
Moderate
CVE-2007-6382
was published
for
net.sf.robocode:robocode.core
(Maven)
May 1, 2022
Mortbay Jetty CRLF Injection Vulnerability
Moderate
CVE-2007-5615
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Apache Tomcat Unrestricted file upload vulnerability
Moderate
CVE-2013-4444
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Apache Syncope JEXL Code Injection
Moderate
CVE-2014-0111
was published
for
org.apache.syncope:syncope
(Maven)
May 14, 2022
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Improper Control of Generation of Code in HawtJNI
Moderate
CVE-2013-2035
was published
for
org.fusesource.hawtjni:hawtjni-runtime
(Maven)
May 17, 2022
Improper Control of Generation of Code in Apache Kafka
Moderate
CVE-2018-1288
was published
for
org.apache.kafka:kafka
(Maven)
May 13, 2022
Improper Control of Generation of Code in Spring Security
Moderate
CVE-2011-2732
was published
for
org.springframework.security:spring-security-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API