Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework High
CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) Apr 4, 2025
OmarHawk
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to... High Unreviewed
CVE-2025-2794 was published Mar 31, 2025
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the... High Unreviewed
CVE-2024-7059 was published Nov 5, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8048 was published Oct 9, 2024
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code... Critical Unreviewed
CVE-2024-8015 was published Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8014 was published Oct 9, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is... High Unreviewed
CVE-2024-6096 was published Jul 24, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Moderate Unreviewed
CVE-2024-1574 was published Jul 4, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Critical Unreviewed
CVE-2023-6943 was published Jan 30, 2024
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to... High Unreviewed
CVE-2024-0200 was published Jan 16, 2024
In multiple locations, there is a possible way to import contacts belonging to other users due to... Moderate Unreviewed
CVE-2023-35680 was published Sep 11, 2023
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels... High Unreviewed
CVE-2023-32217 was published Jul 6, 2023
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a... High Unreviewed
CVE-2023-0460 was published Jul 6, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by... Moderate Unreviewed
CVE-2023-37207 was published Jul 5, 2023
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code... High Unreviewed
CVE-2023-33652 was published Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim JPLachance
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could... High Unreviewed
CVE-2022-26469 was published Sep 7, 2022
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)... High Unreviewed
CVE-2019-3834 was published May 24, 2022
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands... High Unreviewed
CVE-2018-5511 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database