GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
134 advisories
Apache Camel's XSLT component allows remote attackers to read arbitrary files
High
CVE-2014-0002
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
High
CVE-2014-0003
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
High
CVE-2017-5643
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel can allow remote attackers to execute arbitrary commands
High
CVE-2015-5348
was published
for
org.apache.camel:camel-ahc
(Maven)
Oct 16, 2018
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High
CVE-2014-3576
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Certificate Validation in Apache activemq-client
High
CVE-2018-11775
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 19, 2018
XML Signature/Encryption Not Validated in Apache CXF
High
CVE-2012-2379
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Remote web-service operation execution in Apache CXF
High
CVE-2012-3451
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High
CVE-2016-8739
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Covert Timing Channel in Apache CXF
High
CVE-2017-3156
was published
for
org.apache.cxf.karaf:apache-cxf
(Maven)
May 13, 2022
Session Fixation in Apache CXF
High
CVE-2017-5656
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
High
CVE-2018-8039
was published
for
org.apache.cxf:apache-cxf
(Maven)
Oct 19, 2018
Apache Struts Remote Java Code Execution
High
CVE-2012-0391
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts Code injection due to conversion error
High
CVE-2012-0838
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts
High
CVE-2013-1966
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Code injection in Apache Struts
High
CVE-2013-2115
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 13, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2134
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2135
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Code injection in Apache Struts
High
CVE-2013-2251
was published
for
org.apache.struts:struts2-core
(Maven)
May 13, 2022
Code injection in Apache Struts
High
CVE-2013-4316
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
ClassLoader manipulation in Apache Struts
High
CVE-2014-0116
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Incomplete exclude pattern in Apache Struts
High
CVE-2015-1831
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
Apache Struts RCE Vulnerability
High
CVE-2016-0785
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache Struts CSRF Vulnerability
High
CVE-2016-4430
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API