Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,472
Erlang
33
GitHub Actions
24
Go
2,195
Maven
5,000+
npm
3,841
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
910
Swift
38
Unreviewed advisories
All unreviewed
5,000+

759 advisories

Loading
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest Critical
CVE-2023-46731 was published for org.xwiki.platform:xwiki-platform-administration (Maven) Nov 8, 2023
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio sunSUNQ
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter Critical
CVE-2023-37913 was published for org.xwiki.platform:xwiki-platform-office-importer (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Sureness uses hardcoded key Critical
CVE-2023-31581 was published for com.usthe.sureness:sureness-core (Maven) Oct 25, 2023
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
Authorization Bypass in Apache InLong Critical
CVE-2023-43668 was published for org.apache.inlong:manager-pojo (Maven) Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131
Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database