GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
614 advisories

Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical • CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) • Sep 19, 2023

JSONPath Plus allows Remote Code Execution
High • CVE-2025-1302 was published for jsonpath-plus (npm) • Feb 15, 2025

Withdrawn Advisory: Command injection in Ray
Critical • CVE-2024-57000 was published for ray (pip) • Feb 12, 2025 • withdrawn

Remote code execution in alextselegidis/easyappointments
Moderate • CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) • Feb 13, 2025

Apache StreamPark: FreeMarker SSTI RCE Vulnerability
High • CVE-2024-29178 was published for org.apache.streampark:streampark (Maven) • Jul 18, 2024

Apache InLong Manager Remote Code Execution vulnerability
Critical • CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) • Jan 3, 2024

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High • CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) • Oct 25, 2023

Apache Ambari: authenticated users could perform command injection to perform RCE
High • CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) • Feb 27, 2024

Apache NiFi Code Injection vulnerability
High • CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) • Jul 29, 2023

RocketMQ NameServer component Code Injection vulnerability
Critical • CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) • Jul 12, 2023

Apache Hive Code Injection vulnerability
Moderate • CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) • May 3, 2024

Apache NiFi vulnerable to Code Injection
High • CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) • Jun 12, 2023

PandasAI interactive prompt function Remote Code Execution (RCE)
Critical • CVE-2024-12366 was published for pandasai (pip) • Feb 11, 2025

Apache MINA Deserialization RCE Vulnerability
Critical • CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) • Dec 25, 2024

Remote Code Execution Vulnerability in NPM mongo-express
Critical • CVE-2019-10758 was published for mongo-express (npm) • Dec 30, 2019

Code Injection in PHPUnit
Critical • CVE-2017-9841 was published for phpunit/phpunit (Composer) • Mar 26, 2022

JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical • CVE-2024-21534 was published for jsonpath-plus (Maven) • Oct 11, 2024

Plenti - Code Injection - Denial of Services
Moderate • GHSA-mj4v-hp69-27x5 was published for github.com/plentico/plenti (Go) • Feb 5, 2025

XWiki Platform allows remote code execution from user account
Critical • CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) • Jun 20, 2024

CycloneDX cdxgen may execute code contained within build-related files
Moderate • CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) • Oct 28, 2024

Spring Framework has Improperly Implemented Security Check for Standard
Critical • CVE-2018-1275 was published for org.springframework:spring-messaging (Maven) • Oct 17, 2018

Spring Framework allows applications to expose STOMP over WebSocket endpoints
Critical • CVE-2018-1270 was published for org.springframework:spring-messaging (Maven) • Oct 17, 2018

Remote Code Execution on click of <a> Link in markdown preview
High • CVE-2024-49362 was published for joplin (npm) • Nov 14, 2024

Apache RocketMQ may have remote code execution vulnerability when using update configuration function
Critical • CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) • Jul 6, 2023

Remote Code Execution in Spring Framework
Critical • CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) • Mar 31, 2022