Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

350 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Moderate
CVE-2015-5345 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ anlakii
Credited to sunSUNQ and anlakii
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
Credited to tdunlap607 and sunSUNQ
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 14, 2022
sunSUNQ anlakii
Credited to sunSUNQ and anlakii
Improper Neutralization of Input During Web Page Generation Apache ActiveMQ Moderate
CVE-2016-6810 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework Moderate
CVE-2014-3578 was published for org.springframework:spring-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Improper Control of Generation of Code in Apache Struts High
CVE-2013-1965 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ MarkLee131
Credited to sunSUNQ and MarkLee131
Arbitrary code execution in Apache Struts High
CVE-2013-1966 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
ClassLoader manipulation in Apache Struts Moderate
CVE-2014-0094 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
ClassLoader manipulation in Apache Struts High
CVE-2014-0116 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Path Traversal in Apache Struts Critical
CVE-2016-6795 was published for org.apache.struts:struts2-convention-plugin (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Apache Struts RCE Vulnerability High
CVE-2016-0785 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Cloud Foundry UAA accepts refresh token as access token on admin endpoints High
CVE-2018-11047 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Handling of Exceptional Conditions in Apache Tomcat High
CVE-2017-5664 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Resource Shutdown or Release in Apache Tomcat High
CVE-2017-5650 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Expected Behavior Violation in Apache Tomcat Critical
CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Cloud Foundry UAA Privilege Escalation High
CVE-2018-15761 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Jenkins CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2015-8103 was published for org.jenkins-ci.main:cli (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in Apache ActiveMQ Critical
CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Exposure of Resource to Wrong Sphere in Apache Tomcat Critical
CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database