GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
726 advisories
Filter by severity
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability
Critical
CVE-2023-27602
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Apache StreamPark Path Traversal vulnerability
Critical
CVE-2022-45802
was published
for
org.apache.streampark:streampark-common_2.11
(Maven)
Jul 6, 2023
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Critical
CVE-2023-48910
was published
for
io.github.microcks:microcks
(Maven)
Dec 4, 2023
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
pac4j-core affected by a Java deserialization vulnerability
Critical
CVE-2023-25581
was published
for
org.pac4j:pac4j-core
(Maven)
Oct 11, 2024
OS Command Injection in Plexus-utils
Critical
CVE-2017-1000487
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
May 13, 2022
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro
(Maven)
Oct 3, 2024
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Deserialization vulnerability in Helix workflow and REST
Critical
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
SQL injection in audit endpoint
Critical
CVE-2023-35088
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 25, 2023
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API