GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
46 advisories
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-6468
was published
for
github.com/hashicorp/vault
(Go)
Jul 11, 2024
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
High
CVE-2023-28709
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 6, 2023
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Denial of service in Jenkins Core
High
CVE-2023-27901
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Incorrect Authorization in Jenkins Core
High
CVE-2023-27899
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Cross-site Scripting vulnerability in Jenkins
High
CVE-2023-27898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Denial of service by double-checked locking in openssl-src
High
CVE-2022-3996
was published
for
openssl-src
(Rust)
Dec 13, 2022
json stack overflow vulnerability
High
CVE-2022-45688
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
golang.org/x/net/http2 Denial of Service vulnerability
High
CVE-2022-27664
was published
for
golang.org/x/net
(Go)
Sep 7, 2022
Remote Code Execution in Apache Flume
High
CVE-2022-25167
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Jun 15, 2022
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
High
CVE-2019-10327
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High
CVE-2020-13663
was published
for
drupal/core
(Composer)
May 24, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
CVE-2019-11842
was published
for
matrix-sydent
(pip)
May 24, 2022
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High
CVE-2013-1777
was published
for
org.apache.geronimo.framework:geronimo-jmx-remoting
(Maven)
May 17, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API