Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,234 advisories

Loading
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the other party DH public key is not fully validated Low
CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server High
CVE-2017-12615 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2018-11784 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat unauthorized access vulnerability Moderate
CVE-2018-1304 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat information exposure vulnerability Moderate
CVE-2018-1305 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder High
CVE-2018-1336 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat Race Condition vulnerability Moderate
CVE-2018-8037 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password Critical
CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2016-6815 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies Moderate
CVE-2016-8751 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Apache Ranger policy engine incorrectly matches paths in certain conditions Moderate
CVE-2016-8746 was published for org.apache.ranger:ranger-plugins-common (Maven) Oct 17, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation High
CVE-2018-1274 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
MarkLee131
ProTip! Advisories are also available from the GraphQL API