Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
FitNesse allows execution of arbitrary OS commands Critical
CVE-2024-28125 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
Apache StreamPark: Authenticated system users could trigger remote command execution Critical
CVE-2023-49898 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Apache Kylin vulnerable to remote code execution Critical
CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) Jul 6, 2023
Apache Spark UI vulnerable to Command Injection High
CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven) May 2, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
Jenkins Convert To Pipeline Plugin vulnerable to command injection High
CVE-2023-28677 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Apache UIMA DUCC allows remote code execution High
CVE-2023-28935 was published for org.apache.uima:uima-ducc-parent (Maven) Mar 30, 2023
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Apache Kylin vulnerable to Command injection by Diagnosis Controller Critical
CVE-2022-44621 was published for org.apache.kylin:kylin-server-base (Maven) Dec 30, 2022
Command injection in Apache DolphinScheduler Alert Plugins Critical
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
NuProcess vulnerable to command-line injection through insertion of NUL character(s) High
CVE-2022-39243 was published for com.zaxxer:nuprocess (Maven) Sep 30, 2022
Apache James vulnerable to buffering attack High
CVE-2022-28220 was published for org.apache.james:james-server (Maven) Sep 9, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki High
CVE-2014-1216 was published for org.fitnesse:fitnesse (Maven) May 17, 2022
Improper Neutralization of Special Elements used in a Command in Apache Cassandra High
CVE-2015-0225 was published for org.apache.cassandra:apache-cassandra (Maven) May 14, 2022
Apache Struts RCE Vulnerability High
CVE-2016-3081 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Command Injection in VIVO Vitro High
CVE-2019-6986 was published for org.vivoweb:vitro-project (Maven) May 13, 2022
Apache Directory Studio Command Injection High
CVE-2015-5349 was published for org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core (Maven) May 13, 2022
Command Injection in Apache Kylin Moderate
CVE-2021-45456 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Command injection in itext7-core Critical
CVE-2021-43113 was published for com.itextpdf:itext7-core (Maven) Dec 16, 2021
Remote Code Execution in Apache Dubbo High
CVE-2021-36162 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Bash command injection in Apache Zeppelin Critical
CVE-2019-10095 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database