GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
33 advisories
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Moderate
CVE-2019-10770
was published
for
io.ratpack:ratpack-core
(Maven)
Jan 27, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
ProTip!
Advisories are also available from the
GraphQL API