GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

719 advisories

JSONUtil vulnerable to stack exhaustion Critical
CVE-2023-34615 was published for net.pwall.json:jsonutil (Maven) Jun 14, 2023
GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language Critical
CVE-2023-35042 was published for org.geoserver:gs-wfs (Maven) Jun 12, 2023
xxl-rpc deserialization vulnerability Critical
CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) Jun 7, 2023
glazedlists XML Deserialization vulnerability Critical
CVE-2023-31890 was published for com.glazedlists:glazedlists (Maven) May 16, 2023
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation Critical
CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) May 15, 2023
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers Critical
CVE-2023-32070 was published for org.xwiki.platform:xwiki-core-rendering-api (Maven) May 11, 2023
Privilege escalation (PR)/RCE from account through class sheet Critical
CVE-2023-32069 was published for org.xwiki.platform:xwiki-platform-test-ui (Maven) May 11, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml Critical
CVE-2023-31126 was published for org.xwiki.commons:xwiki-commons-xml (Maven) May 9, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
Server-side template injection in beetl Critical
CVE-2023-30331 was published for com.ibeetl:beetl (Maven) May 4, 2023
Command injection in OpenTSDB Critical
CVE-2023-25826 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
Duplicate Advisory: Arbitrary code execution in jfinal CMS Critical
CVE-2023-26812 was published for com.jflyfox:jflyfox_jfinal (Maven) Apr 28, 2023 withdrawn
Remote code execution in JFinal CMS Critical
CVE-2023-30349 was published for com.jflyfox:jflyfox_jfinal (Maven) Apr 27, 2023
PowerJob vulnerable to incorrect access control Critical
CVE-2023-29924 was published for tech.powerjob:powerjob (Maven) Apr 21, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration Critical
CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet Critical
CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet Critical
CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles Critical
CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration Critical
CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) Apr 20, 2023
xwiki-platform-web-templates vulnerable to Eval Injection Critical
CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry Critical
CVE-2023-20873 was published for org.springframework.boot:spring-boot-actuator-autoconfigure (Maven) Apr 20, 2023
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml Critical
CVE-2023-29528 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 20, 2023
PowerJob vulnerable to remote code execution Critical
CVE-2023-29926 was published for tech.powerjob:powerjob (Maven) Apr 20, 2023