Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

20 advisories

StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Critical Unreviewed
CVE-2023-6943 was published Jan 30, 2024
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to... High Unreviewed
CVE-2024-0200 was published Jan 16, 2024
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels... High Unreviewed
CVE-2023-32217 was published Jul 6, 2023
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a... High Unreviewed
CVE-2023-0460 was published Jul 6, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by... Moderate Unreviewed
CVE-2023-37207 was published Jul 5, 2023
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code... High Unreviewed
CVE-2023-33652 was published Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim JPLachance
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could... High Unreviewed
CVE-2022-26469 was published Sep 7, 2022
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)... High Unreviewed
CVE-2019-3834 was published May 24, 2022
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands... High Unreviewed
CVE-2018-5511 was published May 13, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and... Low Unreviewed
CVE-2004-2331 was published Apr 29, 2022
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Privilege Escalation in Hibernate Validator High
CVE-2017-7536 was published for org.hibernate:hibernate-validator (Maven) Jun 15, 2020
JesseEstum
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
ProTip! Advisories are also available from the GraphQL API