GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
XWiki allows RCE from script right in configurable sections
Critical
CVE-2024-55879
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 12, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
XWiki Platform remote code execution from account through UIExtension parameters
Critical
CVE-2024-31997
was published
for
org.xwiki.platform:xwiki-platform-uiextension-api
(Maven)
Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support
Critical
CVE-2024-31987
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical
CVE-2024-31983
was published
for
org.xwiki.platform:xwiki-platform-localization-source-wiki
(Maven)
Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical
CVE-2024-31981
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
Missing Authorization in Filter Stream Converter Application of XWiki-platform
Critical
CVE-2022-41937
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Nov 21, 2022
Pebble Templates Improper Input Validation vulnerability
Critical
CVE-2019-19899
was published
for
io.pebbletemplates:pebble-project
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21694
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21685
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21687
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21688
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21689
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21695
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
File system access via H2 in Apache Ignite
Critical
CVE-2020-1963
was published
for
org.apache.ignite:ignite-core
(Maven)
Jun 5, 2020
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Critical
CVE-2019-10648
was published
for
net.sf.robocode:robocode.host
(Maven)
Apr 2, 2019
ProTip!
Advisories are also available from the
GraphQL API