GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
837 advisories
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9548
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2020-8840
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
HTTP Request Smuggling in Netty
Critical
CVE-2019-20444
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Improper implementation of the session fixation protection in Infinispan
Critical
CVE-2019-10158
was published
for
org.infinispan:infinispan-core
(Maven)
Jan 21, 2020
Deserialization of Untrusted Data in Log4j
Critical
CVE-2019-17571
was published
for
log4j:log4j
(Maven)
Jan 6, 2020
ProTip!
Advisories are also available from the
GraphQL API