GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
Cross-site request forgery in Apache ActiveMQ (Moderate): CVE-2010-1244 was published for org.apache.activemq:activemq-parent (Maven), May 2, 2022
XML Signature/Encryption Not Validated in Apache CXF (High): CVE-2012-2379 was published for org.apache.cxf:cxf (Maven), May 13, 2022
Remote web-service operation execution in Apache CXF (High): CVE-2012-3451 was published for org.apache.cxf:cxf (Maven), May 13, 2022
Improper Authentication in Apache CXF (Moderate): CVE-2012-5633 was published for org.apache.cxf:cxf (Maven), May 13, 2022
Improper Authentication in Apache CXF (Moderate): CVE-2013-0239 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven), May 5, 2022
Improper Input Validation in Apache CXF (Moderate): CVE-2014-0034 was published for org.apache.cxf:cxf-rt-ws-security (Maven), May 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF (Moderate): CVE-2014-0035 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Uncontrolled Resource Consumption in Apache CXF (Moderate): CVE-2014-0109 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Uncontrolled Resource Consumption in Apache CXF (Moderate): CVE-2014-0110 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Access Control in Apache CXF (Moderate): CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven), May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache CXF (Moderate): CVE-2016-6812 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS (High): CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Input Validation in Apache CXF (Moderate): CVE-2017-12624 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Covert Timing Channel in Apache CXF (High): CVE-2017-3156 was published for org.apache.cxf.karaf:apache-cxf (Maven), May 13, 2022
Improper Certificate Validation in Apache CXF (Moderate): CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Session Fixation in Apache CXF (High): CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* (High): CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven), Oct 19, 2018
Apache Struts Remote Java Code Execution (High): CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven), May 4, 2022
Apache Struts Code injection due to conversion error (High): CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Denial of service in Apache Struts (Moderate): CVE-2012-4387 was published for org.apache.struts.xwork:xwork-core (Maven), May 17, 2022
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist (Moderate): CVE-2012-0392 was published for org.apache.struts.xwork:xwork-core (Maven), May 4, 2022
Arbitrary code execution in Apache Struts (High): CVE-2013-1966 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Code injection in Apache Struts (High): CVE-2013-2115 was published for org.apache.struts.xwork:xwork-core (Maven), May 13, 2022
Arbitrary code execution in Apache Struts 2 (High): CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Arbitrary code execution in Apache Struts 2 (High): CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.