Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Apache DolphinScheduler vulnerable to Improper Input Validation Critical
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation Critical
CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) May 15, 2023
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Hostname verification in Apache HttpClient 4.3 was disabled by default Critical
CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) May 13, 2022
briandealwis MarkLee131
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal Critical
CVE-2017-12611 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Remote Code Execution in Apache Struts Critical
CVE-2016-3082 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Improper Input Validation in Apache ActiveMQ Critical
CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) May 13, 2022
sunSUNQ
Apache StreamPark Improper Input Validation vulnerability Critical
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven) Jul 6, 2023
Pebble Templates Improper Input Validation vulnerability Critical
CVE-2019-19899 was published for io.pebbletemplates:pebble-project (Maven) May 24, 2022
Improper Input Validation in alilibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Improper Input Validation in JGroups Critical
CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022
sharonbz
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 17, 2022
Remote code execution in PATCH requests in Spring Data REST Critical
CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022
Injection and Improper Input Validation in Apache Unomi Critical
CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022
Code execution in Apache Struts 1 plugin Critical
CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) May 13, 2022
Remote code execution in Apache Commons Configuration Critical
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) May 21, 2020
ProTip! Advisories are also available from the GraphQL API