Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Privilege Escalation in Hibernate Validator High
CVE-2017-7536 was published for org.hibernate:hibernate-validator (Maven) Jun 15, 2020
JesseEstum
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim JPLachance
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database