Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,110
Pub
10
RubyGems
837
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Apache Tomcat Unrestricted file upload vulnerability Moderate
CVE-2013-4444 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7398 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7397 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
sunSUNQ
Netty denial of service vulnerability Moderate
CVE-2014-0193 was published for io.netty:netty (Maven) May 13, 2022
MarkLee131
Apache XML Security For Java vulnerable to Infinite Loop Moderate
CVE-2013-5823 was published for org.apache.santuario:xmlsec (Maven) May 14, 2022
MarkLee131
ClassLoader manipulation in Apache Struts Moderate
CVE-2014-0094 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework Moderate
CVE-2014-3578 was published for org.springframework:spring-core (Maven) May 14, 2022
sunSUNQ
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat Moderate
CVE-2014-0099 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0096 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Missing XML Validation in Apache Tomcat Moderate
CVE-2014-0119 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0227 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
MarkLee131
Integer Overflow or Wraparound in Apache Tomcat Moderate
CVE-2014-0075 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0033 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Apache Tomcat Denial of Service vulnerability Moderate
CVE-2013-4322 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Moderate
CVE-2013-4590 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat is vulnerable to HTTP request-smuggling Moderate
CVE-2013-4286 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
UberFire Framework Improperly Restricts Paths Moderate
CVE-2014-8114 was published for org.uberfire:uberfire-parent (Maven) May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java Moderate
CVE-2014-3603 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2014-8110 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Spring Framework Moderate
CVE-2014-1904 was published for org.springframework:spring-webmvc (Maven) May 14, 2022
sunSUNQ
Improper Authentication in Hibernate Validator Moderate
CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) May 14, 2022
MarkLee131
Apache Syncope JEXL Code Injection Moderate
CVE-2014-0111 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Improper Input Validation in Apache Karaf Moderate
CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API