Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,436
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,694
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh Credited to JLLeitschuh
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh Credited to JLLeitschuh
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Credentials bypass in Apache Druid Moderate
CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
Apache StreamPark LDAP Injection vulnerability Moderate
CVE-2022-45801 was published for org.apache.streampark:streampark (Maven) May 1, 2023
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
ppkarwasz Credited to ppkarwasz
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function Moderate
CVE-2025-14674 was published for com.aizuda:snail-job (Maven) Dec 14, 2025
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 1, 2022
kurt-r2c Credited to kurt-r2c
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability Moderate
CVE-2026-1050 was published for net.risesoft:risenet-y9boot-support-platform-service (Maven) Jan 17, 2026
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
PowerJob vulnerable to SQL injection Moderate
CVE-2026-5736 was published for tech.powerjob:powerjob-server-starter (Maven) Apr 7, 2026
PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection Moderate
CVE-2026-5739 was published for tech.powerjob:powerjob-server-starter (Maven) Apr 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database