Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

753 advisories

Loading
hyavijava stack overflow vulnerability Critical
CVE-2023-51084 was published for com.github:hyavijava (Maven) Dec 27, 2023
Apache IoTDB: Unsafe deserialize map in Sync Tool Critical
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) Dec 21, 2023
Remote code execution/programming rights with configuration section from any user account Critical
CVE-2023-50723 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Remote code execution from account through SearchAdmin Critical
CVE-2023-50721 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Dec 16, 2023
Apache StreamPark: Authenticated system users could trigger remote command execution Critical
CVE-2023-49898 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Critical
CVE-2023-46279 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
Bypass serialize checks in Apache Dubbo Critical
CVE-2023-29234 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
Improper JWT Signature Validation in SAP Security Services Library Critical
CVE-2023-50422 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 13, 2023
rosenblueh
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
Apache Struts vulnerable to path traversal Critical
CVE-2023-50164 was published for org.apache.struts:struts2-core (Maven) Dec 7, 2023
yoshizawa-masatoshi henrikplate
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL Critical
CVE-2023-49093 was published for org.htmlunit:htmlunit (Maven) Dec 4, 2023
Solon is vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-48967 was published for org.noear:solon (Maven) Dec 4, 2023
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download Critical
CVE-2023-48910 was published for io.github.microcks:microcks (Maven) Dec 4, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request Critical
CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) Dec 2, 2023
RuoYi vulnerable to SQL injection vulnerability Critical
CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven) Dec 1, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Apache Cocoon SQL Injection vulnerability Critical
CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest Critical
CVE-2023-46731 was published for org.xwiki.platform:xwiki-platform-administration (Maven) Nov 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database