Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix High
CVE-2026-35582 was published for gov.nsa.emissary:emissary (Maven) Apr 13, 2026
blueandhack Credited to blueandhack
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Moderate
CVE-2026-34481 was published for org.apache.logging.log4j:log4j-layout-template-json (Maven) Apr 10, 2026
ppkarwasz Credited to ppkarwasz
Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34479 was published for org.apache.logging.log4j:log4j-1.2-api (Maven) Apr 10, 2026
ppkarwasz Credited to ppkarwasz
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34480 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
ppkarwasz Credited to ppkarwasz
Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve High
CVE-2026-34483 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities High
GHSA-443w-3rq3-5m5h was published for software.amazon.awssdk:cloudfront (Maven) Mar 27, 2026
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type Critical
CVE-2025-32974 was published for org.xwiki.platform:xwiki-platform-security-requiredrights-default (Maven) Apr 29, 2025
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
Improper escaping in Apache Zeppelin Critical
CVE-2024-31866 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
raboof Credited to raboof
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd Credited to oscerd
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel Credited to westonsteimel
Heron allows CRLF log injection Critical
CVE-2021-42010 was published for org.apache.heron:heron-api (Maven) Oct 24, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform High
CVE-2022-29258 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page High
CVE-2022-29252 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) May 25, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin Moderate
CVE-2022-30966 was published for org.jenkins-ci.plugins:random-string-parameter (Maven) May 18, 2022
Improper escaping in XWiki Platform High
CVE-2020-13654 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database