GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

127 advisories

Code injection in Apache Struts High
CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022
sunSUNQ
Improper Input Validation in BeanShell High
CVE-2016-2510 was published for org.apache-extras.beanshell:bsh (Maven) May 13, 2022
Improper Input Validation in Apache CXF High
CVE-2010-2076 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
Remote web-service operation execution in Apache CXF High
CVE-2012-3451 was published for org.apache.cxf:cxf (Maven) May 13, 2022
sunSUNQ
Improper Input Validation in Apache Hadoop High
CVE-2017-3162 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022
Improper Input Validation in Jenkins High
CVE-2018-1999002 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Input Validation in Jenkins High
CVE-2018-1999001 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Apache Struts Remote Java Code Execution High
CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ
Improper input validation in Mort Bay Jetty High
CVE-2009-4611 was published for org.mortbay.jetty:jetty (Maven) May 2, 2022
Improper Input Validation in Apache Struts High
CVE-2006-1547 was published for struts:struts (Maven) May 1, 2022
Apache Struts vulnerable to Improper Input Validation High
CVE-2006-1546 was published for struts:struts (Maven) May 1, 2022
ballcat-codegen template engine remote code execution injection High
CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) Apr 27, 2022
LuckyT0mat0
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access High
CVE-2012-4438 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 23, 2022
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty High
CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Improper Input Validation in Apache Unomi High
CVE-2020-11975 was published for org.apache.unomi:unomi (Maven) Feb 9, 2022
Improper Input Validation in Keycloak High
CVE-2020-1714 was published for org.keycloak:keycloak-common (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons High
CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022
Improper Input Validation in Parquet-MR High
CVE-2021-41561 was published for org.apache.parquet:parquet (Maven) Jan 6, 2022
raboof
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Sandbox Bypass in Apache Velocity Engine High
CVE-2020-13936 was published for org.apache.velocity:velocity (Maven) Jan 6, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion High
CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2021
chrisbloom7 levinebw
ppkarwasz
Infinite loop in Tomcat due to parsing error High
CVE-2021-41079 was published for org.apache.tomcat:tomcat (Maven) Sep 20, 2021