Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,370
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,477
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

116 advisories

Loading
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine High
CVE-2025-24970 was published for io.netty:netty-handler (Maven) Feb 10, 2025
johnou
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users High
CVE-2023-49299 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Dec 30, 2023
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability High
CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) Nov 8, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users High
CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024
westonsteimel
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution High
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Improper Input Validation in Apache Struts High
CVE-2006-1547 was published for struts:struts (Maven) May 1, 2022
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying High
CVE-2024-27894 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Apache Syncope Improper Input Validation vulnerability High
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Apache DolphinScheduler: Resource File Read And Write Vulnerability High
CVE-2024-30188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution High
CVE-2024-29831 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Spring Cloud Function Framework vulnerable to Denial of Service High
CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jul 9, 2024
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Improper Input Validation in Datomic High
CVE-2018-10054 was published for com.datomic:datomic-free (Maven) May 13, 2022
Absent Input Validation in BinaryHttpParser High
CVE-2024-40642 was published for io.netty.incubator:netty-incubator-codec-bhttp (Maven) Jul 18, 2024
shombo
Apache Tomcat Improper Input Validation vulnerability High
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
biehl1
Improper Input Validation in Apache Spark High
CVE-2018-11804 was published for org.apache.spark:spark-core (Maven) May 14, 2022
Arbitrary code execution in Apache Commons BeanUtils High
CVE-2014-0114 was published for commons-beanutils:commons-beanutils (Maven) Jun 10, 2020
SunBK201
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database