GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types
High
CVE-2026-44795
was published
for
io.spinnaker.orca:orca-core
(Maven)
Jun 22, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate
CVE-2026-46718
was published
for
org.apache.calcite:calcite-core
(Maven)
Jun 2, 2026
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical
CVE-2026-46562
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
Critical
CVE-2026-8178
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 14, 2026
Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Critical
CVE-2026-42027
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 4, 2026
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High
GHSA-7xw4-g7mm-r4hh
was published
for
software.amazon.jdbc:aws-advanced-jdbc-wrapper
(Maven)
Nov 13, 2025
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Critical
CVE-2022-41853
was published
for
org.hsqldb:hsqldb
(Maven)
Oct 6, 2022
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
Critical
CVE-2022-41852
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
Use of Externally-Controlled Input to Select Classes or Code in Infinispan
High
CVE-2019-10174
was published
for
org.infinispan:infinispan-core
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2019-1003040
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
Critical
CVE-2019-1003041
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Kylin can receive user input and load any class through Class.forName(...).
Moderate
CVE-2021-31522
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Privilege Escalation in Hibernate Validator
High
CVE-2017-7536
was published
for
org.hibernate:hibernate-validator
(Maven)
Jun 15, 2020
Deserialization of Untrusted Data in Bouncy castle
Critical
CVE-2018-1000613
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API