Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,722
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat High
CVE-2016-6817 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
kurt-r2c sunSUNQ
r3kumar
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11620 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14195 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database