GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
430 advisories
Filter by severity
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
High
CVE-2023-49299
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Dec 30, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3955
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3676
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High
CVE-2023-39913
was published
for
org.apache.uima:uimaj
(Maven)
Nov 8, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress-nginx path sanitization can be bypassed
High
CVE-2022-4886
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Apache Airflow Spark Provider Improper Input Validation vulnerability
High
CVE-2023-40272
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 17, 2023
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
High
CVE-2023-39553
was published
for
apache-airflow-providers-apache-drill
(pip)
Aug 11, 2023
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
High
CVE-2024-27135
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
High
CVE-2023-37415
was published
for
apache-airflow-providers-apache-hive
(pip)
Jul 13, 2023
Apache Airflow Drill Provider vulnerable to improper input validation
High
CVE-2023-28707
was published
for
apache-airflow-providers-apache-drill
(pip)
Apr 7, 2023
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
High
CVE-2025-24970
was published
for
io.netty:netty-handler
(Maven)
Feb 10, 2025
Improper Input Validation in Apache Struts
High
CVE-2006-1547
was published
for
struts:struts
(Maven)
May 1, 2022
Apache James vulnerable to denial of service through the use of IMAP literals
High
CVE-2024-37358
was published
for
org.apache.james.protocols:protocols-imap
(Maven)
Feb 6, 2025
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Browsershot Path Traversal
High
CVE-2025-1022
was published
for
spatie/browsershot
(Composer)
Feb 5, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies
High
CVE-2025-21614
was published
for
github.com/go-git/go-git
(Go)
Jan 6, 2025
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
High
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
High
CVE-2024-27894
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
ProTip!
Advisories are also available from the
GraphQL API