GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
134 advisories
Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
High
CVE-2024-3884
was published
for
io.undertow:undertow-core
(Maven)
Dec 3, 2025
Apache Tomcat has an Improper Input Validation vulnerability
High
CVE-2026-24734
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 17, 2026
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High
CVE-2025-61916
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Jan 5, 2026
JDBC Driver for SQL Server has improper input validation issue
High
CVE-2025-59250
was published
for
com.microsoft.sqlserver:mssql-jdbc
(Maven)
Oct 14, 2025
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Improper Input Validation in Apache Struts
High
CVE-2016-1182
was published
for
org.apache.struts:struts-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Struts
High
CVE-2016-1181
was published
for
org.apache.struts:struts-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Struts
High
CVE-2015-0899
was published
for
org.apache.struts:struts-core
(Maven)
May 14, 2022
Denial of service in jackson-dataformat-toml
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-toml
(Maven)
Aug 8, 2023
MinIO Java Client XML Tag Value Substitution Vulnerability
High
CVE-2025-59952
was published
for
io.minio:minio
(Maven)
Sep 29, 2025
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
org.apache.avro:avro
(Maven)
Sep 29, 2023
ProTip!
Advisories are also available from the
GraphQL API