Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat:tomcat-catalina (Maven) May 21, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11620 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ Credited to sunSUNQ
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis Credited to briandealwis and sunSUNQ sunSUNQ sunSUNQ
Improper Locking in Apache Tomcat High
CVE-2019-10072 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 26, 2019
sunSUNQ Credited to sunSUNQ
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ Credited to sunSUNQ
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client High
CVE-2019-0222 was published for org.apache.activemq:activemq-client (Maven) Apr 2, 2019
sunSUNQ Credited to sunSUNQ
jackson-databind Deserialization of Untrusted Data vulnerability High
CVE-2018-12022 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 25, 2019
sunSUNQ Credited to sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 Credited to MarkLee131 and sunSUNQ sunSUNQ sunSUNQ
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ Credited to sunSUNQ
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* High
CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven) Oct 19, 2018
sunSUNQ Credited to sunSUNQ and ebickle ebickle ebickle
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ Credited to sunSUNQ
Spring Security and Spring Framework may not recognize certain paths that should be protected High
CVE-2016-5007 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 Credited to MarkLee131 and sunSUNQ sunSUNQ sunSUNQ
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder High
CVE-2018-1336 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Apache Camel's XSLT component allows remote attackers to read arbitrary files High
CVE-2014-0002 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Apache Camel can allow remote attackers to execute arbitrary commands High
CVE-2015-5348 was published for org.apache.camel:camel-ahc (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used High
CVE-2017-9804 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
G-Rath Credited to G-Rath and sunSUNQ sunSUNQ sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database