GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

77 advisories

Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message Critical
CVE-2023-37914 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Aug 18, 2023
Alluxio vulnerable to arbitrary code execution Critical
CVE-2023-38889 was published for org.alluxio:alluxio-parent (Maven) Aug 15, 2023
Code injection in stanford-parser Critical
CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023
aikebah
Code injection in BoofCV Critical
CVE-2023-39010 was published for org.boofcv:boofcv-core (Maven) Jul 28, 2023
Code injection in webmagic-core Critical
CVE-2023-39015 was published for us.codecraft:webmagic-core (Maven) Jul 28, 2023
Code injection in Duke Critical
CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven) Jul 28, 2023
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor> Critical
CVE-2023-39018 was published for net.bramp.ffmpeg:ffmpeg (Maven) Jul 28, 2023 withdrawn
Code injection in wix-embedded-mysql Critical
CVE-2023-39021 was published for com.wix:wix-embedded-mysql (Maven) Jul 28, 2023
Code injection in oscore Critical
CVE-2023-39022 was published for opensymphony:oscore (Maven) Jul 28, 2023
RocketMQ NameServer component Code Injection vulnerability Critical
CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) Jul 12, 2023
Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
HtmlUnit Code Injection vulnerability Critical
CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven) Jul 6, 2023
jFinal Server-Side Template Injection vulnerability Critical
CVE-2021-31635 was published for com.jfinal:jfinal (Maven) Jun 26, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults Critical
CVE-2023-35152 was published for org.xwiki.platform:xwiki-platform-like-ui (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application Critical
CVE-2023-35150 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Jun 20, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation Critical
CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29212 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability Critical
CVE-2023-29211 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability Critical
CVE-2023-29210 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability Critical
CVE-2023-29209 was published for org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-26477 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Mar 3, 2023
Remote Code Execution in com.bstek.uflo:uflo-core Critical
CVE-2022-25894 was published for com.bstek.uflo:uflo-core (Maven) Jan 26, 2023