GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
105 advisories
Cloud Foundry UAA password reset vulnerability
High
CVE-2017-4991
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA Privilege Escalation
High
CVE-2017-4973
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry denial of service vulnerability
High
CVE-2017-4960
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA reset password vulnerable to brute force attack
High
CVE-2016-3084
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
UAA privilege escalation across identity zones
High
CVE-2018-1262
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
High
CVE-2015-5170
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Spring Framework
High
CVE-2014-0225
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring Security
High
CVE-2017-4995
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Apache Tomcat vulnerable to SecurityManager bypass
High
CVE-2016-6796
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
Apache Struts Remote Java Code Execution
High
CVE-2012-0391
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Deeply nested json in jackson-databind
High
CVE-2020-36518
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 12, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2020-17527
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Feb 9, 2022
Infinite Loop in Apache Tomcat
High
CVE-2020-13935
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Missing Release of Resource after Effective Lifetime in Apache Tomcat
High
CVE-2021-42340
was published
for
org.apache.tomcat:tomcat
(Maven)
Oct 15, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
XML External Entity (XXE) Injection in Jackson Databind
High
CVE-2020-25649
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Feb 18, 2021
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14060
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
ProTip!
Advisories are also available from the
GraphQL API