GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
726 advisories
Filter by severity
Alluxio vulnerable to arbitrary code execution
Critical
CVE-2023-38889
was published
for
org.alluxio:alluxio-parent
(Maven)
Aug 15, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Code injection in webmagic-core
Critical
CVE-2023-39015
was published
for
us.codecraft:webmagic-core
(Maven)
Jul 28, 2023
Code injection in BoofCV
Critical
CVE-2023-39010
was published
for
org.boofcv:boofcv-core
(Maven)
Jul 28, 2023
Code injection in wix-embedded-mysql
Critical
CVE-2023-39021
was published
for
com.wix:wix-embedded-mysql
(Maven)
Jul 28, 2023
Code injection in Duke
Critical
CVE-2023-39013
was published
for
no.priv.garshol.duke:duke
(Maven)
Jul 28, 2023
Code injection in oscore
Critical
CVE-2023-39022
was published
for
opensymphony:oscore
(Maven)
Jul 28, 2023
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
Code injection in PowerJob
Critical
CVE-2023-37754
was published
for
tech.powerjob:powerjob-common
(Maven)
Jul 28, 2023
SQL injection in jeecg-boot
Critical
CVE-2023-38992
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Jul 28, 2023
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
Critical
CVE-2023-39018
was published
for
net.bramp.ffmpeg:ffmpeg
(Maven)
Jul 28, 2023
•
withdrawn
Deserialization vulnerability in Helix workflow and REST
Critical
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
Hard-coded System User Credentials in Folio Data Export Spring module
Critical
GHSA-vf78-3q9f-92g3
was published
for
org.folio:mod-data-export-spring
(Maven)
Jul 25, 2023
SQL injection in audit endpoint
Critical
CVE-2023-35088
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 25, 2023
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
RocketMQ NameServer component Code Injection vulnerability
Critical
CVE-2023-37582
was published
for
org.apache.rocketmq:rocketmq-namesrv
(Maven)
Jul 12, 2023
Apache Pulsar Incorrect Authorization vulnerability
Critical
CVE-2023-30429
was published
for
org.apache.pulsar:pulsar
(Maven)
Jul 12, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Critical
CVE-2023-37277
was published
for
com.xpn.xwiki.platform:xwiki-core-rest-server
(Maven)
Jul 10, 2023
Apache RocketMQ may have remote code execution vulnerability when using update configuration function
Critical
CVE-2023-33246
was published
for
org.apache.rocketmq:rocketmq-broker
(Maven)
Jul 6, 2023
Apache InLong Insufficient Session Expiration vulnerability
Critical
CVE-2023-31065
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API