GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
350 advisories
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22971
was published
for
org.springframework:spring-messaging
(Maven)
May 13, 2022
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2013-0239
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 5, 2022
Jenkins allows attackers to obtain the master cryptographic key
Low
CVE-2013-0158
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 5, 2022
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2013-6430
was published
for
org.springframework:spring-web
(Maven)
May 5, 2022
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
Moderate
CVE-2012-0393
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
Moderate
CVE-2012-0392
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts Remote Java Code Execution
Critical
CVE-2012-0391
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Moderate
CVE-2011-0013
was published
for
org.apache.tomcat:tomcat
(Maven)
May 3, 2022
Cross-site request forgery in Apache ActiveMQ
Moderate
CVE-2010-1244
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Cross-site scripting in Apache ActiveMQ
Low
CVE-2010-0684
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
Moderate
CVE-2009-2902
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2009-2901
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat Directory Traversal vulnerability
Moderate
CVE-2009-2693
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat Cross-site scripting (XSS) vulnerability
Moderate
CVE-2008-1947
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 1, 2022
Apache Tomcat vulnerable to Cross-site Scripting
Low
CVE-2007-2450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat Directory Traversal
Moderate
CVE-2007-0450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Deeply nested json in jackson-databind
High
CVE-2020-36518
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 12, 2022
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2021-45229
was published
for
apache-airflow
(pip)
Feb 26, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2020-17527
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API