GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,132 advisories
Filter by severity
SQL injection in Apache Traffic Control
Critical
CVE-2024-45387
was published
for
github.com/apache/trafficcontrol/v8
(Go)
Dec 23, 2024
Gogs has an argument Injection in the built-in SSH server
Critical
CVE-2024-39930
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930
Critical
GHSA-p69r-v3h4-rj4f
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Critical
GHSA-hf29-9hfh-w63j
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows deletion of internal files
Critical
GHSA-2vgj-3pvg-xh4w
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
XWiki allows RCE from script right in configurable sections
Critical
CVE-2024-55879
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical
CVE-2024-55877
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical
CVE-2023-37265
was published
for
github.com/IceWhaleTech/CasaOS-Gateway
(Go)
Jul 17, 2023
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
Critical
CVE-2024-25610
was published
for
com.liferay.portal:com.liferay.portal.web
(Maven)
Feb 20, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
laravel-s vulnerable to Local File Inclusion
Critical
CVE-2023-29931
was published
for
hhxsv5/laravel-s
(Composer)
Jun 22, 2023
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
Duplicate Advisory: Querydsl SQL/HQL injection
Critical
GHSA-wpvf-5mc3-hv6m
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
•
withdrawn
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
ProTip!
Advisories are also available from the
GraphQL API