GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
127 advisories
Filter by severity
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Improper Control of Generation of Code in Spring Security
Moderate
CVE-2011-2732
was published
for
org.springframework.security:spring-security-core
(Maven)
May 17, 2022
Improper Control of Generation of Code in Apache Kafka
Moderate
CVE-2018-1288
was published
for
org.apache.kafka:kafka
(Maven)
May 13, 2022
Improper Control of Generation of Code in HawtJNI
Moderate
CVE-2013-2035
was published
for
org.fusesource.hawtjni:hawtjni-runtime
(Maven)
May 17, 2022
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
Template injection in thymeleaf-spring5
Critical
CVE-2021-43466
was published
for
org.thymeleaf:thymeleaf-spring5
(Maven)
Nov 10, 2021
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Code injection in quarkus dev ui config editor
Critical
CVE-2022-4116
was published
for
io.quarkus:quarkus-vertx-http-deployment
(Maven)
Nov 22, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Critical
CVE-2018-1270
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Code injection in Apache Dubbo
Critical
CVE-2021-30181
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Code injection in Apache Dubbo
Critical
CVE-2021-30180
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 18, 2022
Code injection in spring-cloud-netflix-hystrix-dashboard
High
CVE-2021-22053
was published
for
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard
(Maven)
Nov 23, 2021
Critical vulnerability found in cron-utils
Critical
CVE-2021-41269
was published
for
com.cronutils:cron-utils
(Maven)
Nov 15, 2021
Spring Boot Admins integrated notifier support allows arbitrary code execution
High
CVE-2022-46166
was published
for
de.codecentric:spring-boot-admin
(Maven)
Dec 9, 2022
Code injection in ShenYu
Critical
CVE-2021-45029
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-26477
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Mar 3, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-29509
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Critical
CVE-2023-29209
was published
for
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
Critical
CVE-2023-29211
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API