
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

136 advisories

Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ High
CVE-2014-3576 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
Credited to sunSUNQ
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Credited to sunSUNQ
Apache Struts Code injection due to conversion error High
CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Credited to sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Credited to sunSUNQ
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Credited to sunSUNQ
Apache Tomcat does not enforce the maxHttpHeaderSize limit High
CVE-2011-0534 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Credited to sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache Tomcat High
CVE-2015-5346 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Credited to sunSUNQ
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
Credited to sunSUNQ
Race Condition in Jenkins High
CVE-2017-1000503 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Credited to sunSUNQ
Apache Struts CSRF Vulnerability High
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
Credited to sunSUNQ
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Incomplete exclude pattern in Apache Struts High
CVE-2015-1831 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
Credited to sunSUNQ
Apache Struts Open Redirect High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
Credited to sunSUNQ
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework High
CVE-2011-2730 was published for org.springframework:spring-core (Maven) May 17, 2022
Credited to sunSUNQ
Django DoS in django.views.static.serve High
CVE-2015-0221 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Credited to sunSUNQ
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2012-3444 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault and sunSUNQ
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
Credited to sunSUNQ
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
Credited to NotMyFault and sunSUNQ
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
Credited to sunSUNQ, levpachmanov, and G-Rath
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
Credited to sunSUNQ
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
Credited to AdamKorcz, sonnyhcl, sunSUNQ, and pjfanning
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
Credited to AdamKorcz, coheigea, sonnyhcl, Christiaan-de-Wet, and sunSUNQ
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
Credited to sunSUNQ