GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
5,308 advisories
Filter by severity
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Critical
CVE-2024-52577
was published
for
org.apache.ignite:ignite-core
(Maven)
Feb 14, 2025
Apache James MIME4J improper input validation vulnerability
Moderate
CVE-2024-21742
was published
for
org.apache.james:apache-mime4j-core
(Maven)
Feb 27, 2024
Denial of Service attack on windows app using Netty
Moderate
CVE-2025-25193
was published
for
io.netty:netty-common
(Maven)
Feb 10, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High
CVE-2025-26511
was published
for
com.instaclustr:cassandra-lucene-index-plugin
(Maven)
Feb 13, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
Moderate
CVE-2024-46910
was published
for
org.apache.atlas:apache-atlas
(Maven)
Feb 13, 2025
Apache StreamPark: FreeMarker SSTI RCE Vulnerability
High
CVE-2024-29178
was published
for
org.apache.streampark:streampark
(Maven)
Jul 18, 2024
Apache StreamPark: maven build params could trigger remote command execution
Moderate
CVE-2024-29737
was published
for
org.apache.streampark:streampark
(Maven)
Jul 17, 2024
Apache StreamPark: Unchecked maven build params could trigger remote command execution
Moderate
CVE-2023-52291
was published
for
org.apache.streampark:streampark
(Maven)
Jul 17, 2024
Cross-site Scripting (XSS) in CrafterCMS
High
CVE-2023-4136
was published
for
org.craftercms:crafter-engine
(Maven)
Aug 3, 2023
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF
High
CVE-2023-46226
was published
for
apache-iotdb
(Maven)
Jan 15, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal
High
CVE-2024-23673
was published
for
org.apache.sling:org.apache.sling.servlets.resolver
(Maven)
Feb 6, 2024
Apache IoTDB: Unsafe deserialize map in Sync Tool
Critical
CVE-2023-51656
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Dec 21, 2023
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
High
CVE-2023-49299
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Dec 30, 2023
Apache InLong Manager Remote Code Execution vulnerability
Critical
CVE-2023-51784
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache InLong Manager Arbitrary File Read Vulnerability
High
CVE-2023-51785
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Bypass serialize checks in Apache Dubbo
Critical
CVE-2023-29234
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Critical
CVE-2023-46279
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Apache Struts vulnerable to path traversal
Critical
CVE-2023-50164
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 7, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Moderate
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Apache Cocoon SQL Injection vulnerability
Critical
CVE-2022-45135
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High
CVE-2023-39913
was published
for
org.apache.uima:uimaj
(Maven)
Nov 8, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
ProTip!
Advisories are also available from the
GraphQL API