Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
Code execution via deserialization in org.apache.ignite:ignite-core Critical
CVE-2018-8018 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
MarkLee131 Credited to MarkLee131
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files Critical
CVE-2016-6809 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
MarkLee131 Credited to MarkLee131
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz Credited to sharonbz, MarkLee131, and r3kumar MarkLee131 MarkLee131
r3kumar r3kumar
Remote code execution occurs in Apache Solr Critical
CVE-2017-12629 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131 Credited to MarkLee131
Spring Framework has Improperly Implemented Security Check for Standard Critical
CVE-2018-1275 was published for org.springframework:spring-messaging (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ and MarkLee131 MarkLee131 MarkLee131
Deserialization of Untrusted Data in Pippo Critical
CVE-2018-18628 was published for ro.pippo:pippo-core (Maven) Oct 24, 2018
MarkLee131 Credited to MarkLee131
Improper Restriction of XML External Entity Reference in pippo-core Critical
CVE-2018-20059 was published for ro.pippo:pippo-core (Maven) Dec 19, 2018
MarkLee131 Credited to MarkLee131
Command Injection in Xstream Critical
CVE-2013-7285 was published for com.thoughtworks.xstream:xstream (Maven) May 29, 2019
mmabdpr Credited to mmabdpr and MarkLee131 MarkLee131 MarkLee131
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131 Credited to MarkLee131
Apache Tomcat affected by vulnerability in TLS and SSL protocol Critical
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 Credited to MarkLee131 and sunSUNQ sunSUNQ sunSUNQ
Deserialization of Untrusted Data in Apache Batik Critical
CVE-2018-8013 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022
MarkLee131 Credited to MarkLee131
Hostname verification in Apache HttpClient 4.3 was disabled by default Critical
CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) May 13, 2022
briandealwis Credited to briandealwis and MarkLee131 MarkLee131 MarkLee131
Missing Authentication for Critical Function in Apache Cassandra Critical
CVE-2018-8016 was published for org.apache.cassandra:cassandra-all (Maven) May 13, 2022
MarkLee131 Credited to MarkLee131
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131 Credited to MarkLee131
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131 Credited to MarkLee131
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131 Credited to MarkLee131
ProTip! Advisories are also available from the GraphQL API