
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling (Critical)
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
Credited to aaime and jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost (High)
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
Credited to thomsmith, felixmaechtle, davidblasby, nils-loose, jodygarnett, and aaime
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
Credited to xbow-security, YacineF, aaime, and jodygarnett
Remote Code Execution (RCE) vulnerability in geoserver (Critical)
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Credited to sikeoka, jodygarnett, and aaime