GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the...
High
Unreviewed
CVE-2024-7059
was published
Nov 5, 2024
In multiple locations, there is a possible way to import contacts belonging to other users due to...
Moderate
Unreviewed
CVE-2023-35680
was published
Sep 11, 2023
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code...
Critical
Unreviewed
CVE-2024-8015
was published
Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High
Unreviewed
CVE-2024-8014
was published
Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High
Unreviewed
CVE-2024-8048
was published
Oct 9, 2024
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
Unsafe Reflection in base Component class in yiisoft/yii2
High
CVE-2024-4990
was published
for
yiisoft/yii2
(Composer)
Jun 2, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is...
High
Unreviewed
CVE-2024-6096
was published
Jul 24, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Moderate
Unreviewed
CVE-2024-1574
was published
Jul 4, 2024
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels...
High
Unreviewed
CVE-2023-32217
was published
Jul 6, 2023
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a...
High
Unreviewed
CVE-2023-0460
was published
Jul 6, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by...
Moderate
Unreviewed
CVE-2023-37207
was published
Jul 5, 2023
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code...
High
Unreviewed
CVE-2023-33652
was published
Jun 6, 2023
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)...
High
Unreviewed
CVE-2019-3834
was published
May 24, 2022
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical
Unreviewed
CVE-2023-6943
was published
Jan 30, 2024
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and...
Low
Unreviewed
CVE-2004-2331
was published
Apr 29, 2022
Deserialization of Untrusted Data in Bouncy castle
Critical
CVE-2018-1000613
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
Oct 17, 2018
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to...
High
Unreviewed
CVE-2024-0200
was published
Jan 16, 2024
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
Critical
CVE-2019-1003041
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2019-1003040
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
Critical
CVE-2022-41852
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
Kylin can receive user input and load any class through Class.forName(...).
Moderate
CVE-2021-31522
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands...
High
Unreviewed
CVE-2018-5511
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API