GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,362
Erlang: 33
GitHub Actions: 22
Go: 2,134
Maven: 5,000+
npm: 3,797
NuGet: 687
pip: 3,473
Pub: 12
RubyGems: 896
Rust: 897
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
134 advisories
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical: CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven), May 3, 2022

Robocode Arbitrary Code Execution
Moderate: CVE-2007-6382 was published for net.sf.robocode:robocode.core (Maven), May 1, 2022

Mortbay Jetty CRLF Injection Vulnerability
Moderate: CVE-2007-5615 was published for org.mortbay.jetty:jetty (Maven), May 1, 2022

Struts ParameterInterceptor vulnerability allows remote command execution
Critical: CVE-2011-3923 was published for org.apache.struts:struts2-core (Maven), Apr 22, 2022

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical: CVE-2022-22963 was published for org.springframework.cloud:spring-cloud-function-context (Maven), Apr 3, 2022

Remote Code Execution in Spring Framework
Critical: CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven), Mar 31, 2022

Code injection in Apache Dubbo
Critical: CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven), Mar 18, 2022

Code injection in Apache Dubbo
Critical: CVE-2021-30181 was published for com.alibaba:dubbo (Maven), Mar 18, 2022

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical: CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven), Mar 4, 2022

Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical: CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven), Feb 12, 2022

Remote code execution in Apache Struts
Critical: CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven), Feb 9, 2022

Remote code execution in Apache ActiveMQ
Critical: CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven), Feb 9, 2022

Code injection in ShenYu
Critical: CVE-2021-45029 was published for org.apache.shenyu:shenyu-common (Maven), Jan 28, 2022

Code Injection in jackson-databind
High: CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Code injection in spring-cloud-netflix-hystrix-dashboard
High: CVE-2021-22053 was published for org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (Maven), Nov 23, 2021

Critical vulnerability found in cron-utils
Critical: CVE-2021-41269 was published for com.cronutils:cron-utils (Maven), Nov 15, 2021

Template injection in thymeleaf-spring5
Critical: CVE-2021-43466 was published for org.thymeleaf:thymeleaf-spring5 (Maven), Nov 10, 2021

XStream is vulnerable to a Remote Command Execution attack
High: CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

XStream is vulnerable to a Remote Command Execution attack
High: CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven), May 18, 2021

Script injection without script or programming rights through Gadget titles
High: CVE-2021-32621 was published for org.xwiki.commons:xwiki-commons-core (Maven), May 18, 2021

Remote code execution in handlebars when compiling templates
Critical: CVE-2021-23369 was published for handlebars (Maven), May 6, 2021

XStream is vulnerable to a Remote Command Execution attack
Moderate: CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven), Mar 22, 2021

Code injection in Apache Ant
High: CVE-2020-11979 was published for org.apache.ant:ant (Maven), Feb 3, 2021

RCE in XWiki
High: CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven), Oct 16, 2020

Users with SCRIPT right can execute arbitrary code in XWiki
Low: CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven), Sep 10, 2020
ProTip! Advisories are also available from the GraphQL API.