GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
719 advisories
Filter by severity
Apache OpenMeetings missing authentication and can allow user impersonation
Critical
CVE-2023-28326
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Mar 28, 2023
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Critical
CVE-2023-20860
was published
for
org.springframework:spring
(Maven)
Mar 28, 2023
jeecg-boot SQL Injection vulnerability
Critical
CVE-2023-1454
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Mar 17, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical
CVE-2023-27479
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Mar 8, 2023
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-26477
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Mar 3, 2023
XWiki Platform users may execute anything with superadmin right through comments and async macro
Critical
CVE-2023-26471
was published
for
org.xwiki.platform:xwiki-platform-rendering-async-macro
(Maven)
Mar 3, 2023
XWiki Platform may allow privilege escalation to programming rights via user's first name
Critical
CVE-2023-26055
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Mar 3, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical
CVE-2023-26472
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Mar 3, 2023
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Critical
CVE-2023-26474
was published
for
org.xwiki.platform:xwiki-platform-legacy-oldcore
(Maven)
Mar 3, 2023
xwiki-platform vulnerable to Remote Code Execution in Annotations
Critical
CVE-2023-26475
was published
for
org.xwiki.platform:xwiki-platform-annotation-ui
(Maven)
Mar 2, 2023
Undertow client not checking server identity presented by server certificate in https connections
Critical
CVE-2022-4492
was published
for
io.undertow:undertow-core
(Maven)
Feb 23, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25158
was published
for
org.geotools:gt-jdbc
(Maven)
Feb 22, 2023
GeoServer OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25157
was published
for
org.geoserver.community:gs-jdbcconfig
(Maven)
Feb 22, 2023
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical
CVE-2023-25613
was published
for
org.apache.kerby:ldap-backend
(Maven)
Feb 20, 2023
java-xmlbuilder vulnerable to XML External Entity Reference
Critical
CVE-2014-125087
was published
for
com.jamesmurty.utils:java-xmlbuilder
(Maven)
Feb 19, 2023
Sandbox escape in Jenkins Email Extension Plugin
Critical
CVE-2023-25765
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
Feb 15, 2023
Arbitrary file deletion in ureport
Critical
CVE-2023-24188
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Feb 13, 2023
CodenameOne Pending Intent vulnerability
Critical
CVE-2022-4903
was published
for
com.codenameone:codenameone-core
(Maven)
Feb 10, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24997
was published
for
org.apache.inlong:inlong
(Maven)
Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24162
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Remote Code Execution in com.bstek.uflo:uflo-core
Critical
CVE-2022-25894
was published
for
com.bstek.uflo:uflo-core
(Maven)
Jan 26, 2023
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24429
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Critical
CVE-2023-24427
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API