Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

105 advisories

Loading
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Spring Framework vulnerable to denial of service High
CVE-2023-34053 was published for org.springframework:spring-webmvc (Maven) Nov 28, 2023
sunSUNQ
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework High
CVE-2011-2730 was published for org.springframework:spring-core (Maven) May 17, 2022
sunSUNQ
Apache Struts Open Redirect High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Incomplete exclude pattern in Apache Struts High
CVE-2015-1831 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Apache Struts CSRF Vulnerability High
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Race Condition in Jenkins High
CVE-2017-1000503 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache Tomcat High
CVE-2015-5346 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat does not enforce the maxHttpHeaderSize limit High
CVE-2011-0534 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Apache Struts Code injection due to conversion error High
CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ High
CVE-2014-3576 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Improper Authentication in Apache WSS4J High
CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API