GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
130 advisories
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-34053
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 28, 2023
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Django denial-of-service vulnerability in internationalized URLs
High
CVE-2022-41323
was published
for
django
(pip)
Oct 16, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34170
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2020-2160
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Code injection in Apache Struts
High
CVE-2013-4316
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
High
CVE-2011-2730
was published
for
org.springframework:spring-core
(Maven)
May 17, 2022
Apache Struts Open Redirect
High
CVE-2016-4433
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
Incomplete exclude pattern in Apache Struts
High
CVE-2015-1831
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
Apache Struts CSRF Vulnerability
High
CVE-2016-4430
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
Race Condition in Jenkins
High
CVE-2017-1000503
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs
High
CVE-2018-1192
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
High
CVE-2015-5346
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API