GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
720 advisories
Code injection in oscore (Critical)
CVE-2023-39022 was published for opensymphony:oscore (Maven), Jul 28, 2023

Code injection in stanford-parser (Critical)
CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven), Jul 28, 2023

Code injection in Duke (Critical)
CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven), Jul 28, 2023

Code injection in PowerJob (Critical)
CVE-2023-37754 was published for tech.powerjob:powerjob-common (Maven), Jul 28, 2023

Code injection in wix-embedded-mysql (Critical)
CVE-2023-39021 was published for com.wix:wix-embedded-mysql (Maven), Jul 28, 2023

SQL injection in jeecg-boot (Critical)
CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven), Jul 28, 2023

Remote code execution in Apache Jackrabbit (Critical)
CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven), Jul 25, 2023

Hard-coded System User Credentials in Folio Data Export Spring module (Critical)
GHSA-vf78-3q9f-92g3 was published for org.folio:mod-data-export-spring (Maven), Jul 25, 2023

SQL injection in audit endpoint (Critical)
CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven), Jul 25, 2023

Path Traversal in Apache Shiro (Critical)
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven), Jul 24, 2023

OpenAM vulnerable to user impersonation using SAMLv1.x SSO process (Critical)
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven), Jul 20, 2023

Access Control Bypass in Spring Security (Critical)
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven), Jul 19, 2023

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message (Critical)
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven), Jul 17, 2023

org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability (Critical)
CVE-2023-37462 was published for org.xwiki.platform:xwiki-platform-skin-ui (Maven), Jul 14, 2023

Apache Pulsar Incorrect Authorization vulnerability (Critical)
CVE-2023-30429 was published for org.apache.pulsar:pulsar (Maven), Jul 12, 2023

RocketMQ NameServer component Code Injection vulnerability (Critical)
CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven), Jul 12, 2023

XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API (Critical)
CVE-2023-37277 was published for com.xpn.xwiki.platform:xwiki-core-rest-server (Maven), Jul 10, 2023

Apache RocketMQ may have remote code execution vulnerability when using update configuration function (Critical)
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven), Jul 6, 2023

Apache InLong Insufficient Session Expiration vulnerability (Critical)
CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven), Jul 6, 2023

Apache InLong has Files or Directories Accessible to External Parties in Apache InLong (Critical)
CVE-2023-31066 was published for org.apache.inlong:manager-service (Maven), Jul 6, 2023

Apache InLong Improper Privilege Management vulnerability (Critical)
CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven), Jul 6, 2023

Apache InLong has Weak Password Requirements in Apache InLong (Critical)
CVE-2023-31098 was published for org.apache.inlong:manager-pojo (Maven), Jul 6, 2023

Apache StreamPark Path Traversal vulnerability (Critical)
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven), Jul 6, 2023

Apache StreamPark Improper Input Validation vulnerability (Critical)
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven), Jul 6, 2023

Apache Linkis Unrestricted File Upload vulnerability (Critical)
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven), Jul 6, 2023

ProTip! Advisories are also available from the GraphQL API.