GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
128 advisories
JDBC Driver for SQL Server has improper input validation issue
High
CVE-2025-59250
was published
for
com.microsoft.sqlserver:mssql-jdbc
(Maven)
Oct 14, 2025
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Improper Input Validation in Apache Struts
High
CVE-2016-1182
was published
for
org.apache.struts:struts-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Struts
High
CVE-2016-1181
was published
for
org.apache.struts:struts-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Struts
High
CVE-2015-0899
was published
for
org.apache.struts:struts-core
(Maven)
May 14, 2022
Denial of service in jackson-dataformat-toml
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-toml
(Maven)
Aug 8, 2023
MinIO Java Client XML Tag Value Substitution Vulnerability
High
CVE-2025-59952
was published
for
io.minio:minio
(Maven)
Sep 29, 2025
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
org.apache.avro:avro
(Maven)
Sep 29, 2023
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High
CVE-2021-45105
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2021
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
High
CVE-2025-24970
was published
for
io.netty:netty-handler
(Maven)
Feb 10, 2025
ProTip!
Advisories are also available from the
GraphQL API