Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Apache Directory Studio Command Injection High
CVE-2015-5349 was published for org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core (Maven) May 13, 2022
Apache Spark UI vulnerable to Command Injection High
CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven) May 2, 2023
Apache Struts RCE Vulnerability High
CVE-2016-3081 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Command Injection in VIVO Vitro High
CVE-2019-6986 was published for org.vivoweb:vitro-project (Maven) May 13, 2022
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
Apache UIMA DUCC allows remote code execution High
CVE-2023-28935 was published for org.apache.uima:uima-ducc-parent (Maven) Mar 30, 2023
Jenkins Convert To Pipeline Plugin vulnerable to command injection High
CVE-2023-28677 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Remote Code Execution in Apache Dubbo High
CVE-2021-36162 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Apache James vulnerable to buffering attack High
CVE-2022-28220 was published for org.apache.james:james-server (Maven) Sep 9, 2022
NuProcess vulnerable to command-line injection through insertion of NUL character(s) High
CVE-2022-39243 was published for com.zaxxer:nuprocess (Maven) Sep 30, 2022
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki High
CVE-2014-1216 was published for org.fitnesse:fitnesse (Maven) May 17, 2022
Improper Neutralization of Special Elements used in a Command in Apache Cassandra High
CVE-2015-0225 was published for org.apache.cassandra:apache-cassandra (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API