GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
732 advisories
hutool Buffer Overflow vulnerability (Critical): CVE-2023-42277 was published for cn.hutool:hutool-core (Maven), Sep 9, 2023
Jeecg boot SQL Injection vulnerability (Critical): CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven), Sep 8, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService (Critical): CVE-2023-40743 was published for axis:axis (Maven), Sep 5, 2023
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution (Critical): CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven), Aug 23, 2023
XWiki Platform privilege escalation (PR) from account through AWM content fields (Critical): CVE-2023-40177 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven), Aug 21, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message (Critical): CVE-2023-37914 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven), Aug 18, 2023
Alluxio vulnerable to arbitrary code execution (Critical): CVE-2023-38889 was published for org.alluxio:alluxio-parent (Maven), Aug 15, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses (Critical): CVE-2023-36480 was published for com.aerospike:aerospike-client (Maven), Aug 3, 2023
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor> (Critical): CVE-2023-39018 was published for net.bramp.ffmpeg:ffmpeg (Maven), Jul 28, 2023 (withdrawn)
Code injection in PowerJob (Critical): CVE-2023-37754 was published for tech.powerjob:powerjob-common (Maven), Jul 28, 2023
SQL injection in jeecg-boot (Critical): CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven), Jul 28, 2023
Code injection in BoofCV (Critical): CVE-2023-39010 was published for org.boofcv:boofcv-core (Maven), Jul 28, 2023
Code injection in oscore (Critical): CVE-2023-39022 was published for opensymphony:oscore (Maven), Jul 28, 2023
Code injection in Duke (Critical): CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven), Jul 28, 2023
Code injection in wix-embedded-mysql (Critical): CVE-2023-39021 was published for com.wix:wix-embedded-mysql (Maven), Jul 28, 2023
Code injection in webmagic-core (Critical): CVE-2023-39015 was published for us.codecraft:webmagic-core (Maven), Jul 28, 2023
Code injection in stanford-parser (Critical): CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven), Jul 28, 2023
Deserialization vulnerability in Helix workflow and REST (Critical): CVE-2023-38647 was published for org.apache.helix:helix-core (Maven), Jul 26, 2023
Remote code execution in Apache Jackrabbit (Critical): CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven), Jul 25, 2023
Hard-coded System User Credentials in Folio Data Export Spring module (Critical): GHSA-vf78-3q9f-92g3 was published for org.folio:mod-data-export-spring (Maven), Jul 25, 2023
SQL injection in audit endpoint (Critical): CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven), Jul 25, 2023
Path Traversal in Apache Shiro (Critical): CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven), Jul 24, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process (Critical): CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven), Jul 20, 2023
Access Control Bypass in Spring Security (Critical): CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven), Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message (Critical): CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven), Jul 17, 2023