GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
816 advisories
Eclipse Jersey has a Race Condition
Critical
CVE-2025-12383
was published
for
org.glassfish.jersey.core:jersey-client
(Maven)
Nov 18, 2025
Apache IoTDB: Deserialization of untrusted Data
Critical
CVE-2025-48459
was published
for
org.apache.iotdb:iotdb-confignode
(Maven)
Sep 24, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical
CVE-2025-54988
was published
for
org.apache.tika:tika-parser-pdf-module
(Maven)
Aug 20, 2025
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
Code injection in Apache Struts
Critical
CVE-2013-2251
was published
for
org.apache.struts:struts2-core
(Maven)
May 13, 2022
Apache Struts Remote Java Code Execution
Critical
CVE-2012-0391
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Critical
CVE-2025-24813
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 10, 2025
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical
CVE-2022-24816
was published
for
it.geosolutions.jaiext.jiffle:jt-jiffle
(Maven)
Sep 19, 2023
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API