Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

105 advisories

Loading
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized High
CVE-2016-9878 was published for org.springframework:spring-webmvc (Maven) Oct 4, 2018
sunSUNQ
Apache Struts REST Plugin can potentially allow a DoS attack High
CVE-2018-1327 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
Spring AOP functionality (Struts) vulnerable to DoS attack High
CVE-2017-9787 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used High
CVE-2017-9804 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
G-Rath sunSUNQ
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
Apache Camel can allow remote attackers to execute arbitrary commands High
CVE-2015-5348 was published for org.apache.camel:camel-ahc (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to read arbitrary files High
CVE-2014-0002 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder High
CVE-2018-1336 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Spring Security and Spring Framework may not recognize certain paths that should be protected High
CVE-2016-5007 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* High
CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven) Oct 19, 2018
sunSUNQ
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
jackson-databind Deserialization of Untrusted Data vulnerability High
CVE-2018-12022 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 25, 2019
sunSUNQ
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client High
CVE-2019-0222 was published for org.apache.activemq:activemq-client (Maven) Apr 2, 2019
sunSUNQ
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ
Improper Locking in Apache Tomcat High
CVE-2019-10072 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 26, 2019
sunSUNQ
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11620 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
ProTip! Advisories are also available from the GraphQL API