GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
720 advisories
jeecg-boot SQL injection vulnerability
Critical • CVE-2023-34659 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) • Jun 16, 2023

JSONUtil vulnerable to stack exhaustion
Critical • CVE-2023-34615 was published for net.pwall.json:jsonutil (Maven) • Jun 14, 2023

GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language
Critical • CVE-2023-35042 was published for org.geoserver:gs-wfs (Maven) • Jun 12, 2023

xxl-rpc deserialization vulnerability
Critical • CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) • Jun 7, 2023

glazedlists XML Deserialization vulnerability
Critical • CVE-2023-31890 was published for com.glazedlists:glazedlists (Maven) • May 16, 2023

Apache Sling Commons JSON bundle vulnerable to Improper Input Validation
Critical • CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) • May 15, 2023

Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Critical • CVE-2023-32070 was published for org.xwiki.platform:xwiki-core-rendering-api (Maven) • May 11, 2023

Privilege escalation (PR)/RCE from account through class sheet
Critical • CVE-2023-32069 was published for org.xwiki.platform:xwiki-platform-test-ui (Maven) • May 11, 2023

Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical • CVE-2023-31126 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • May 9, 2023

XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical • CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) • May 9, 2023

Server-side template injection in beetl
Critical • CVE-2023-30331 was published for com.ibeetl:beetl (Maven) • May 4, 2023

Command injection in OpenTSDB
Critical • CVE-2023-25826 was published for net.opentsdb:opentsdb (Maven) • May 3, 2023

Duplicate Advisory: Arbitrary code execution in jfinal CMS
Critical • CVE-2023-26812 was published for com.jflyfox:jflyfox_jfinal (Maven) • Apr 28, 2023 • withdrawn

Remote code execution in JFinal CMS
Critical • CVE-2023-30349 was published for com.jflyfox:jflyfox_jfinal (Maven) • Apr 27, 2023

PowerJob vulnerable to incorrect access control
Critical • CVE-2023-29924 was published for tech.powerjob:powerjob (Maven) • Apr 21, 2023

XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Critical • CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) • Apr 20, 2023

XWiki Platform vulnerable to code injection from account through AWM view sheet
Critical • CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) • Apr 20, 2023

XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical • CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) • Apr 20, 2023

XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Critical • CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) • Apr 20, 2023

XWiki Platform vulnerable to code injection in display method used in user profiles
Critical • CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) • Apr 20, 2023

XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical • CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) • Apr 20, 2023

XWiki vulnerable to Code Injection in template provider administration
Critical • CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) • Apr 20, 2023

xwiki-platform-web-templates vulnerable to Eval Injection
Critical • CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Apr 20, 2023

Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
Critical • CVE-2023-20873 was published for org.springframework.boot:spring-boot-actuator-autoconfigure (Maven) • Apr 20, 2023

Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical • CVE-2023-29528 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • Apr 20, 2023

ProTip! Advisories are also available from the GraphQL API.