GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
Apache StreamPark Improper Input Validation vulnerability
Critical
CVE-2022-46365
was published
for
org.apache.streampark:streampark
(Maven)
Jul 6, 2023
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation
Critical
CVE-2022-47937
was published
for
org.apache.sling:org.apache.sling.commons.json
(Maven)
May 15, 2023
Apache DolphinScheduler vulnerable to Improper Input Validation
Critical
CVE-2022-45875
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Jan 4, 2023
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
MySQL JDBC deserialization vulnerability
Critical
CVE-2022-39312
was published
for
io.dataease:dataease-plugin-common
(Maven)
Oct 18, 2022
Remote code execution in Apache Flume
Critical
CVE-2022-34916
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Aug 22, 2022
Pebble Templates Improper Input Validation vulnerability
Critical
CVE-2019-19899
was published
for
io.pebbletemplates:pebble-project
(Maven)
May 24, 2022
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
Remote Code Execution in Apache Struts
Critical
CVE-2016-3082
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Apache NiFi XSS issue in context path handling
Critical
CVE-2017-15697
was published
for
org.apache.nifi:nifi
(Maven)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2016-3088
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Critical
CVE-2016-3087
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
Critical
CVE-2016-4438
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2015-5254
was published
for
org.apache.activemq:activemq-client
(Maven)
May 13, 2022
Code execution in Apache Struts 1 plugin
Critical
CVE-2017-9791
was published
for
org.apache.struts:struts2-struts1-plugin
(Maven)
May 13, 2022
Improper Input Validation in Spring AMQP
Critical
CVE-2016-2173
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 13, 2022
Hostname verification in Apache HttpClient 4.3 was disabled by default
Critical
CVE-2013-4366
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 13, 2022
Improper Input Validation in JGroups
Critical
CVE-2016-2141
was published
for
org.jgroups:jgroups
(Maven)
May 13, 2022
Remote code execution in PATCH requests in Spring Data REST
Critical
CVE-2017-8046
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 13, 2022
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Apache Solr Improper Input Validation and Path Traversal
Critical
CVE-2021-44548
was published
for
org.apache.solr:solr-parent
(Maven)
Jan 6, 2022
ProTip!
Advisories are also available from the
GraphQL API