GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
161 advisories
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Moderate
CVE-2018-6356
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22971
was published
for
org.springframework:spring-messaging
(Maven)
May 13, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2013-0239
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 5, 2022
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2013-6430
was published
for
org.springframework:spring-web
(Maven)
May 5, 2022
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
Moderate
CVE-2012-0393
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
Moderate
CVE-2012-0392
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Moderate
CVE-2011-0013
was published
for
org.apache.tomcat:tomcat
(Maven)
May 3, 2022
Cross-site request forgery in Apache ActiveMQ
Moderate
CVE-2010-1244
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
Moderate
CVE-2009-2902
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2009-2901
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat Directory Traversal vulnerability
Moderate
CVE-2009-2693
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat Cross-site scripting (XSS) vulnerability
Moderate
CVE-2008-1947
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 1, 2022
Apache Tomcat Directory Traversal
Moderate
CVE-2007-0450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2021-45229
was published
for
apache-airflow
(pip)
Feb 26, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2020-13920
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Cross-site scripting (XSS) in Apache ActiveMQ
Moderate
CVE-2020-13947
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Cross-site Scripting in Apache Airflow
Moderate
CVE-2021-28359
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Information Disclosure in Apache Tomcat
Moderate
CVE-2021-24122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2021
ProTip!
Advisories are also available from the
GraphQL API