GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Credentials bypass in Apache Druid
Moderate
CVE-2020-1958
was published
for
org.apache.druid:druid
(Maven)
Feb 9, 2022
Remote code execution in xwiki-platform
High
CVE-2022-23616
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Feb 9, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
Improper Input Validation and Injection in Apache Log4j2
Moderate
CVE-2021-44832
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Jan 4, 2022
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High
CVE-2020-35213
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
Expression injection in AviatorScript
Critical
CVE-2021-41862
was published
for
com.googlecode.aviator:aviator
(Maven)
Oct 4, 2021
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
HTTP header injection in Sonatype Nexus Repository
High
CVE-2021-40143
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
Sep 8, 2021
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
Injection in Apache Syncope
High
CVE-2020-1961
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Command injection in Apache Unomi
High
CVE-2021-31164
was published
for
org.apache.unomi:unomi
(Maven)
Jun 16, 2021
Command injection in Apache Flink
Moderate
CVE-2020-1960
was published
for
org.apache.flink:flink-core
(Maven)
May 21, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Server-Side Template Injection
High
CVE-2020-26282
was published
for
com.browserup:browserup-proxy
(Maven)
Dec 24, 2020
Template injection in cron-utils
Critical
CVE-2020-26238
was published
for
com.cronutils:cron-utils
(Maven)
Nov 24, 2020
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
Server side template injection in Apache Camel
High
CVE-2020-11994
was published
for
org.apache.camel:camel-robotframework
(Maven)
Jul 29, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
ProTip!
Advisories are also available from the
GraphQL API