Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,700
Maven
5,000+
npm
4,328
NuGet
761
pip
4,100
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) Nov 13, 2025
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
Credited to jkmartindale
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Credited to westonsteimel
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Credited to westonsteimel
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim JPLachance
Credited to Warxim and JPLachance
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
Credited to lukaseder
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
Privilege Escalation in Hibernate Validator High
CVE-2017-7536 was published for org.hibernate:hibernate-validator (Maven) Jun 15, 2020
JesseEstum
Credited to JesseEstum
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database