GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
136 advisories
Filter by severity
Apache Struts CSRF Vulnerability
High
CVE-2016-4430
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 17, 2022
Race Condition in Jenkins
High
CVE-2017-1000503
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs
High
CVE-2018-1192
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
High
CVE-2015-5346
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat does not enforce the maxHttpHeaderSize limit
High
CVE-2011-0534
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2134
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2135
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Apache Struts Code injection due to conversion error
High
CVE-2012-0838
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High
CVE-2011-3190
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High
CVE-2014-3576
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2014-0230
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Access Control in Apache Tomcat
High
CVE-2016-0714
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-5647
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2016-6817
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat
High
CVE-2016-8745
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
High
CVE-2016-8747
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Unrestricted Upload of File with Dangerous Type Apache Tomcat
High
CVE-2017-12617
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2017-1000504
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Control of Generation of Code in Apache Struts
High
CVE-2013-1965
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts
High
CVE-2013-1966
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
ClassLoader manipulation in Apache Struts
High
CVE-2014-0116
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache Struts RCE Vulnerability
High
CVE-2016-0785
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
High
CVE-2018-11047
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2017-5664
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API