Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Apache Tomcat Vulnerable to Relative Path Traversal High
CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Credited to aruneko, reva, YukiInu, fnxpt, schmidt-fu, tolmaidis, and LukaszGrzesik
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
achibear aruneko
Credited to achibear and aruneko
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
Credited to aruneko
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko kurt-r2c
Credited to aruneko and kurt-r2c
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Credited to cokeBeer, aruneko, and tdunlap607
json stack overflow vulnerability High
CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
westonsteimel aruneko
Credited to westonsteimel and aruneko
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
Credited to aruneko
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
Credited to aruneko and richardfan0606
Mapbox is vulnerable to Integer Overflow High
CVE-2022-38216 was published for com.mapbox.mapboxsdk:mapbox-android-core (Maven) Aug 17, 2022
billyjbryant aruneko
Credited to billyjbryant and aruneko
XSS vulnerability in Jenkins Markdown Formatter Plugin Moderate
CVE-2021-21660 was published for io.jenkins.plugins:markdown-formatter (Maven) May 24, 2022
NotMyFault aruneko
Credited to NotMyFault and aruneko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database