GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
Improper Privilege Management in Tomcat
Critical
CVE-2020-1938
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Apache InLong Improper Privilege Management vulnerability
Critical
CVE-2023-31062
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Critical
CVE-2023-34465
was published
for
org.xwiki.platform:xwiki-platform-mail-send-default
(Maven)
Jun 20, 2023
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
xwiki-platform vulnerable to Remote Code Execution in Annotations
Critical
CVE-2023-26475
was published
for
org.xwiki.platform:xwiki-platform-annotation-ui
(Maven)
Mar 2, 2023
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
ProTip!
Advisories are also available from the
GraphQL API