GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
33 advisories
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Moderate
CVE-2022-37423
was published
for
org.neo4j.procedure:apoc
(Maven)
Aug 12, 2022
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Moderate
CVE-2022-36007
was published
for
com.github.jlangch:venice
(Maven)
Aug 18, 2022
Local Information Disclosure Vulnerability
Low
CVE-2021-21331
was published
for
com.datadoghq:datadog-api-client
(Maven)
Mar 3, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Low
CVE-2021-21363
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Netflix/Priam: Temporary Directory Information Disclosure
Moderate
CVE-2021-28100
was published
for
com.netflix.priam:priam
(Maven)
Mar 30, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Temporary Directory Hijacking Vulnerability in Keycloak
High
CVE-2021-20202
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
Cached redirect poisoning via X-Forwarded-Host header
High
CVE-2021-29479
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Critical
CVE-2023-24057
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Jan 23, 2023
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Moderate
CVE-2021-21290
was published
for
io.netty:netty
(Maven)
Feb 8, 2021
ProTip!
Advisories are also available from the
GraphQL API