GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
138 advisories
Filter by severity
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2017-5664
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Improper Resource Shutdown or Release in Apache Tomcat
High
CVE-2017-5650
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Cloud Foundry UAA Privilege Escalation
High
CVE-2018-15761
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Improper Access Control in Apache Tomcat
High
CVE-2016-5388
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Code injection in Apache Struts
High
CVE-2013-2115
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Tomcat
High
CVE-2016-6816
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
May 13, 2022
Code injection in Apache Struts
High
CVE-2013-2251
was published
for
org.apache.struts:struts2-core
(Maven)
May 13, 2022
XML Signature/Encryption Not Validated in Apache CXF
High
CVE-2012-2379
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Covert Timing Channel in Apache CXF
High
CVE-2017-3156
was published
for
org.apache.cxf.karaf:apache-cxf
(Maven)
May 13, 2022
Remote web-service operation execution in Apache CXF
High
CVE-2012-3451
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High
CVE-2016-8739
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Session Fixation in Apache CXF
High
CVE-2017-5656
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Cloud Foundry UAA password reset vulnerability
High
CVE-2017-4991
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA Privilege Escalation
High
CVE-2017-4973
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA reset password vulnerable to brute force attack
High
CVE-2016-3084
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry denial of service vulnerability
High
CVE-2017-4960
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
UAA privilege escalation across identity zones
High
CVE-2018-1262
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
High
CVE-2015-5170
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Spring Framework
High
CVE-2014-0225
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring Security
High
CVE-2017-4995
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Apache Tomcat vulnerable to SecurityManager bypass
High
CVE-2016-6796
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API