GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
349 advisories
Cloud Foundry UAA SessionID present in Audit Event Logs
High
CVE-2018-1192
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Apache Struts vulnerable to possible DoS attack when using URLValidator
Moderate
CVE-2016-8738
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
High
CVE-2015-5346
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Cloud Foundry UAA open redirect
Moderate
CVE-2018-11041
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Apache Tomcat does not enforce the maxHttpHeaderSize limit
High
CVE-2011-0534
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat allows remote attackers to bypass intended access restrictions
Moderate
CVE-2011-1088
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Access controll bypass in Apache Tomcat
Moderate
CVE-2011-1183
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Access restriction bypass in Apache Tomcat
Moderate
CVE-2011-1582
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
Moderate
CVE-2011-2894
was published
for
org.springframework.security:spring-security-core
(Maven)
May 14, 2022
Cross-Site Request Forgery in Apache Struts
Moderate
CVE-2014-7809
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
Moderate
CVE-2010-1587
was published
for
org.apache.activemq:activemq-web-console
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Moderate
CVE-2010-4172
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
Moderate
CVE-2010-4476
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2134
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2135
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Cross-site Scripting in Apache Struts
Moderate
CVE-2016-4003
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache Struts Code injection due to conversion error
High
CVE-2012-0838
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Cloud Foundry vulnerable to Improper Certificate Validation
Moderate
CVE-2016-5016
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Improper Verification of Source of a Communication Channel in Apache Tomcat
Moderate
CVE-2016-0763
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Directory Traversal in Apache Tomcat
Moderate
CVE-2008-5515
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2011-2526
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
Moderate
CVE-2010-2227
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Insertion of Sensitive Information into Log File in Apache Tomcat
Moderate
CVE-2011-2204
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2011-5062
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2011-5063
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API