Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
Exposure of Resource to Wrong Sphere in Apache Tomcat Critical
CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
sunSUNQ
Improper Input Validation in Apache ActiveMQ Critical
CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) May 13, 2022
sunSUNQ
Jenkins CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2015-8103 was published for org.jenkins-ci.main:cli (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Privilege Escalation High
CVE-2018-15761 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Improper Resource Shutdown or Release in Apache Tomcat High
CVE-2017-5650 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Expected Behavior Violation in Apache Tomcat Critical
CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Improper Handling of Exceptional Conditions in Apache Tomcat High
CVE-2017-5664 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA accepts refresh token as access token on admin endpoints High
CVE-2018-11047 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Apache Struts RCE Vulnerability High
CVE-2016-0785 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Path Traversal in Apache Struts Critical
CVE-2016-6795 was published for org.apache.struts:struts2-convention-plugin (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
ClassLoader manipulation in Apache Struts High
CVE-2014-0116 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Improper Control of Generation of Code in Apache Struts High
CVE-2013-1965 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ MarkLee131
Arbitrary code execution in Apache Struts High
CVE-2013-1966 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
ClassLoader manipulation in Apache Struts Moderate
CVE-2014-0094 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework Moderate
CVE-2014-3578 was published for org.springframework:spring-core (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation Apache ActiveMQ Moderate
CVE-2016-6810 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Moderate
CVE-2015-5345 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database