Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Mochis ryanmurf
Credited to Mochis and ryanmurf
Apache OpenMeetings vulnerable to remote code execution via null-bye injection High
CVE-2023-29246 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
Improper Input Validation In Eclipse BIRT High
CVE-2023-0100 was published for org.eclipse.birt:org.eclipse.birt.report.viewer (Maven) Mar 15, 2023
Http4s improperly parses User-Agent and Server headers High
CVE-2023-22465 was published for org.http4s:http4s-core (Maven) Jan 6, 2023
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Credited to lirantal
Apache CXF vulnerable to Exposure of Sensitive Information High
CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
pavelarnost
Credited to pavelarnost
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation High
CVE-2022-43484 was published for org.terasoluna.gfw:terasoluna-gfw-common (Maven) Dec 5, 2022
kominen0214
Credited to kominen0214
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Improper Input Validation in RESTEasy High
CVE-2020-1695 was published for org.jboss.resteasy:resteasy-client (Maven) May 24, 2022
DNS based denial of service in Apache Wicket High
CVE-2021-23937 was published for org.apache.wicket:wicket-core (Maven) May 24, 2022
raboof
Credited to raboof
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Credited to yawkat
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
RCE vulnerability in Jenkins OpenShift Pipeline Plugin High
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Improper Input Validation in Jenkins Pipeline: Groovy Plugin High
CVE-2020-2109 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 24, 2022
Improper Input Validation in Jenkins Script Security Plugin High
CVE-2020-2110 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
Improper Input Validation in Apache Kafka High
CVE-2018-17196 was published for org.apache.kafka:kafka (Maven) May 24, 2022
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP High
CVE-2010-3708 was published for org.drools:drools-core (Maven) May 17, 2022
Caucho Quercus, as distributed in Resin, does not properly handle unspecified characters in the names of variables High
CVE-2012-2965 was published for com.caucho:resin (Maven) May 17, 2022
Improper Input Validation in Drools and jBPM High
CVE-2014-8125 was published for org.drools:drools-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database