GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
692 advisories
Filter by severity
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
XWiki Platform remote code execution from account through UIExtension parameters
Critical
CVE-2024-31997
was published
for
org.xwiki.platform:xwiki-platform-uiextension-api
(Maven)
Apr 10, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Critical
CVE-2024-31996
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 10, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Critical
CVE-2024-31988
was published
for
org.xwiki.platform:xwiki-platform-realtime-ui
(Maven)
Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support
Critical
CVE-2024-31987
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet
Critical
CVE-2024-31984
was published
for
org.xwiki.platform:xwiki-platform-search-solr-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical
CVE-2024-31983
was published
for
org.xwiki.platform:xwiki-platform-localization-source-wiki
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch
Critical
CVE-2024-31982
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical
CVE-2024-31981
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Critical
CVE-2024-31465
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
GHSA-hx5q-v6pj-533r
was published
for
com.linecorp.centraldogma:centraldogma-server-auth-saml
(Maven)
Feb 26, 2024
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
CVE-2024-1735
was published
for
com.linecorp.armeria:armeria-saml
(Maven)
Feb 26, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Critical
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 23, 2024
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Critical
CVE-2024-1597
was published
for
org.postgresql:postgresql
(Maven)
Feb 21, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25152
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25601
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
ProTip!
Advisories are also available from the
GraphQL API