GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

136 advisories

Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
Credited to sunSUNQ
Uncontrolled Resource Consumption in Pillow High
CVE-2021-28677 was published for Pillow (pip) Jun 8, 2021
Credited to sunSUNQ
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
Credited to sunSUNQ
Missing Release of Resource after Effective Lifetime in Apache Tomcat High
CVE-2021-42340 was published for org.apache.tomcat:tomcat (Maven) Oct 15, 2021
Credited to sunSUNQ
Out-of-bounds read in Pillow High
CVE-2020-10378 was published for Pillow (pip) Nov 3, 2021
Credited to sunSUNQ
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Credited to sunSUNQ
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
Credited to sunSUNQ
Infinite Loop in Apache Tomcat High
CVE-2020-13935 was published for org.apache.tomcat:tomcat (Maven) Feb 8, 2022
Credited to sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
Credited to sunSUNQ
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2020-11996 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022
Credited to sunSUNQ
Path traversal in Pillow High
CVE-2022-24303 was published for Pillow (pip) Mar 11, 2022
Credited to sunSUNQ
Deeply nested json in jackson-databind High
CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 12, 2022
Credited to farbeiza-enverus, stickycode, mr-c, victornoel, guima, Zeouterlimits, joschi, JoshDM, and sunSUNQ
Denial of service in Spring Framework High
CVE-2022-22970 was published for org.springframework:spring-beans (Maven) May 13, 2022
Credited to amita-seal and sunSUNQ
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption High
CVE-2022-29885 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Credited to sunSUNQ
Incorrect Authorization in Apache Tomcat High
CVE-2016-6797 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Credited to sunSUNQ
Deserialization of Untrusted Data in Spring Security High
CVE-2017-4995 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
Credited to sunSUNQ
Apache Tomcat vulnerable to SecurityManager bypass High
CVE-2016-6796 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Credited to sunSUNQ
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
Credited to sunSUNQ
Improper Authorization in Jenkins Core High
CVE-2019-1003003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Credited to sunSUNQ
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability High
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ
UAA privilege escalation across identity zones High
CVE-2018-1262 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ
Cloud Foundry UAA reset password vulnerable to brute force attack High
CVE-2016-3084 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ
Cloud Foundry denial of service vulnerability High
CVE-2017-4960 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ
Cloud Foundry UAA Privilege Escalation High
CVE-2017-4973 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ
Cloud Foundry UAA password reset vulnerability High
CVE-2017-4991 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
Credited to sunSUNQ