Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
830
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message Critical
CVE-2023-37914 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Aug 18, 2023
Alluxio vulnerable to arbitrary code execution Critical
CVE-2023-38889 was published for org.alluxio:alluxio-parent (Maven) Aug 15, 2023
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
Code injection in webmagic-core Critical
CVE-2023-39015 was published for us.codecraft:webmagic-core (Maven) Jul 28, 2023
Code injection in wix-embedded-mysql Critical
CVE-2023-39021 was published for com.wix:wix-embedded-mysql (Maven) Jul 28, 2023
Code injection in oscore Critical
CVE-2023-39022 was published for opensymphony:oscore (Maven) Jul 28, 2023
Code injection in BoofCV Critical
CVE-2023-39010 was published for org.boofcv:boofcv-core (Maven) Jul 28, 2023
Code injection in stanford-parser Critical
CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023
Code injection in Duke Critical
CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven) Jul 28, 2023
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor> Critical
CVE-2023-39018 was published for net.bramp.ffmpeg:ffmpeg (Maven) Jul 28, 2023 withdrawn
RocketMQ NameServer component Code Injection vulnerability Critical
CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) Jul 12, 2023
Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
HtmlUnit Code Injection vulnerability Critical
CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven) Jul 6, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults Critical
CVE-2023-35152 was published for org.xwiki.platform:xwiki-platform-like-ui (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application Critical
CVE-2023-35150 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Jun 20, 2023
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
exceptionfactory
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled High
CVE-2023-32697 was published for org.xerial:sqlite-jdbc (Maven) May 23, 2023
4390c336
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation Critical
CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
ProTip! Advisories are also available from the GraphQL API