GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-45146
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Aug 5, 2024
Redisson vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-42809
was published
for
org.redisson:redisson
(Maven)
Aug 5, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Central Dogma Authentication Bypass Vulnerability via Session Leakage
Critical
CVE-2024-1143
was published
for
com.linecorp.centraldogma:centraldogma-server
(Maven)
Feb 2, 2024
XWiki Remote Code Execution Vulnerability via User Registration
Critical
CVE-2024-21650
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jan 8, 2024
Apache Struts vulnerable to path traversal
Critical
CVE-2023-50164
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 7, 2023
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Critical
CVE-2023-45137
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Critical
CVE-2023-45136
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Oct 25, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider
Critical
CVE-2023-45134
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Critical
CVE-2023-37908
was published
for
org.xwiki.rendering:xwiki-rendering-xml
(Maven)
Oct 25, 2023
Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical
CVE-2022-24816
was published
for
it.geosolutions.jaiext.jiffle:jt-jiffle
(Maven)
Sep 19, 2023
OpenRefine Remote Code execution in project import with mysql jdbc url attack
Critical
CVE-2023-41887
was published
for
org.openrefine:database
(Maven)
Sep 12, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Apache StreamPark Improper Input Validation vulnerability
Critical
CVE-2022-46365
was published
for
org.apache.streampark:streampark
(Maven)
Jul 6, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-31126
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
May 9, 2023
Command injection in OpenTSDB
Critical
CVE-2023-25826
was published
for
net.opentsdb:opentsdb
(Maven)
May 3, 2023
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-29528
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 20, 2023
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Critical
CVE-2023-29202
was published
for
org.xwiki.platform:xwiki-core-rendering-macro-rss
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API