GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
Apache DolphinScheduler vulnerable to Improper Input Validation
Critical
CVE-2022-45875
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Jan 4, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2016-3088
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation
Critical
CVE-2022-47937
was published
for
org.apache.sling:org.apache.sling.commons.json
(Maven)
May 15, 2023
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Hostname verification in Apache HttpClient 4.3 was disabled by default
Critical
CVE-2013-4366
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 13, 2022
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
Critical
CVE-2017-12611
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Critical
CVE-2016-3087
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
Critical
CVE-2016-4438
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Remote Code Execution in Apache Struts
Critical
CVE-2016-3082
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2015-5254
was published
for
org.apache.activemq:activemq-client
(Maven)
May 13, 2022
Apache StreamPark Improper Input Validation vulnerability
Critical
CVE-2022-46365
was published
for
org.apache.streampark:streampark
(Maven)
Jul 6, 2023
Pebble Templates Improper Input Validation vulnerability
Critical
CVE-2019-19899
was published
for
io.pebbletemplates:pebble-project
(Maven)
May 24, 2022
Improper Input Validation in alilibaba:fastjson
Critical
CVE-2017-18349
was published
for
com.alibaba:fastjson
(Maven)
Oct 24, 2018
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Critical
CVE-2019-10648
was published
for
net.sf.robocode:robocode.host
(Maven)
Apr 2, 2019
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Improper Input Validation in JGroups
Critical
CVE-2016-2141
was published
for
org.jgroups:jgroups
(Maven)
May 13, 2022
Remote code execution in PATCH requests in Spring Data REST
Critical
CVE-2017-8046
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 13, 2022
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Code execution in Apache Struts 1 plugin
Critical
CVE-2017-9791
was published
for
org.apache.struts:struts2-struts1-plugin
(Maven)
May 13, 2022
Remote code execution in Apache Commons Configuration
Critical
CVE-2020-1953
was published
for
org.apache.commons:commons-configuration2
(Maven)
May 21, 2020
ProTip!
Advisories are also available from the
GraphQL API