Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,742
Maven
5,000+
npm
4,339
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

820 advisories

Loading
Neo4j Graph Database vulnerable to Path Traversal Critical
CVE-2021-42767 was published for org.neo4j.procedure:apoc (Maven) Feb 1, 2022
ngrodum
Credited to ngrodum
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Credited to tdunlap607
Code injection in ShenYu Critical
CVE-2021-45029 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Mingsoft MCMS vulnerable to Remote Code Execution via file upload. Critical
CVE-2021-46386 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
SQL Injection in JeecgBoot Critical
CVE-2021-46089 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) Jan 26, 2022
Arbitrary File Upload in Mingsoft MCMS Critical
CVE-2022-22929 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
RCE in Mingsoft MCMS Critical
CVE-2022-22930 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
Arbitrary file upload in Mingsoft MCMS Critical
CVE-2022-23315 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
corenlp is vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) Jan 21, 2022
Path traversal in Apache James Critical
CVE-2021-40525 was published for org.apache.james:james-server (Maven) Jan 21, 2022
SQL Injection in Log4j 1.2.x Critical
CVE-2022-23305 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Credited to SebGondron
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Credited to frant-hartm
Arbitrary code execution in H2 Console Critical
CVE-2022-23221 was published for com.h2database:h2 (Maven) Jan 21, 2022
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Credited to zbazztian and SebGondron
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Credited to LoboMetalurgico and PleaseInsertNameHere
Critical vulnerability in log4j may affect generated PEAR projects Critical
GHSA-j7c3-96rf-jrrp was published for de.averbis.textanalysis:pear-archetype (Maven) Dec 16, 2021
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search Critical
CVE-2021-23264 was published for org.craftercms:crafter-search (Maven) Dec 16, 2021
Command injection in itext7-core Critical
CVE-2021-43113 was published for com.itextpdf:itext7-core (Maven) Dec 16, 2021
Remote code injection in Log4j Critical
GHSA-94g7-hpv8-h9qm was published for com.splunk.logging:splunk-library-javalogging (Maven) Dec 14, 2021
natstatenet
Credited to natstatenet
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan
Credited to gregorydlogan
Apache Log4j Remote Code Execution Critical
GHSA-mf4f-j588-5xm8 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan
Credited to gregorydlogan
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
ppkarwasz
Credited to mrjonstrong, afdesk, and ppkarwasz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database