GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
Improper Input Validation and Injection in Apache Log4j2
Moderate | CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) | Jan 4, 2022

org.linlinjava:litemall-wx-api has an Injection issue
Moderate | CVE-2026-8771 was published for org.linlinjava:litemall-wx-api (Maven) | May 18, 2026

Dynamic-Datasource has an Injection vulnerability
Moderate | CVE-2026-7045 was published for com.baomidou:dynamic-datasource-spring (Maven) | Apr 27, 2026

PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection
Moderate | CVE-2026-5739 was published for tech.powerjob:powerjob-server-starter (Maven) | Apr 7, 2026

PowerJob vulnerable to SQL injection
Moderate | CVE-2026-5736 was published for tech.powerjob:powerjob-server-starter (Maven) | Apr 7, 2026

Apache James MIME4J improper input validation vulnerability
Moderate | CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) | Feb 27, 2024

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
Moderate | CVE-2026-1050 was published for net.risesoft:risenet-y9boot-support-platform-service (Maven) | Jan 17, 2026

Apache Camel camel-neo4j component is vulnerable to cypher injection
Moderate | CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) | Jan 14, 2026

Apache Spark vulnerable to Log Injection
Moderate | CVE-2022-31777 was published for org.apache.spark:spark-core_2.10 (Maven) | Nov 1, 2022

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
Moderate | CVE-2025-14674 was published for com.aizuda:snail-job (Maven) | Dec 14, 2025

Jenkins has a log message injection vulnerability
Moderate | CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) | Sep 17, 2025

Apache StreamPark LDAP Injection vulnerability
Moderate | CVE-2022-45801 was published for org.apache.streampark:streampark (Maven) | May 1, 2023

Command injection in Apache Flink
Moderate | CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) | May 21, 2021

Injection in Apache Archiva
Moderate | CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) | Feb 10, 2022

Credentials bypass in Apache Druid
Moderate | CVE-2020-1958 was published for org.apache.druid:druid (Maven) | Feb 9, 2022

Injection in Jenkins
Moderate | CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022

Injection in MockServer
Moderate | CVE-2021-32827 was published for org.mock-server:mockserver (Maven) | Aug 30, 2021

Injection in DeltaSpike
Moderate | CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) | Feb 10, 2022

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate | GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) | Dec 6, 2019

HTTP Response Splitting in Styx
Moderate | CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) | Mar 3, 2020

ProTip! Advisories are also available from the GraphQL API