GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
309 advisories
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Critical
CVE-2026-32604
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo
(Maven)
Apr 21, 2026
Apache Tomcat has an Improper Input Validation vulnerability
Moderate
CVE-2026-32990
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans
High
CVE-2026-34197
was published
for
org.apache.activemq:activemq-all
(Maven)
Apr 7, 2026
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Low
CVE-2025-11143
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Mar 5, 2026
Apache Tomcat - Security constraint bypass with HTTP/0.9
Low
CVE-2026-24733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 17, 2026
Apache Tomcat has an Improper Input Validation vulnerability
High
CVE-2026-24734
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 17, 2026
Apache Tomcat - Client certificate verification bypass
Moderate
CVE-2025-66614
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 17, 2026
Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
Critical
CVE-2025-12543
was published
for
io.undertow:undertow-core
(Maven)
Jan 7, 2026
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High
CVE-2025-61916
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Jan 5, 2026
Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
High
CVE-2024-3884
was published
for
io.undertow:undertow-core
(Maven)
Dec 3, 2025
JDBC Driver for SQL Server has improper input validation issue
High
CVE-2025-59250
was published
for
com.microsoft.sqlserver:mssql-jdbc
(Maven)
Oct 14, 2025
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
Moderate
CVE-2025-11226
was published
for
ch.qos.logback:logback-core
(Maven)
Oct 1, 2025
MinIO Java Client XML Tag Value Substitution Vulnerability
High
CVE-2025-59952
was published
for
io.minio:minio
(Maven)
Sep 29, 2025
ProTip!
Advisories are also available from the
GraphQL API