GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
120 advisories
Filter by severity
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Sandbox bypass in Jenkins Pipeline: Groovy Plugin
Critical
CVE-2019-1003030
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Incorrect Default Permissions in Apache Tomcat
High
CVE-2020-8022
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
•
withdrawn
Sandbox bypass in Script Security Plugin
Critical
CVE-2019-1003029
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
High
CVE-2023-28709
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 6, 2023
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Expected Behavior Violation in Apache Tomcat
Critical
CVE-2017-5651
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
json stack overflow vulnerability
High
CVE-2022-45688
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Low
CVE-2024-20925
was published
for
org.openjfx:javafx-media
(Maven)
Feb 17, 2024
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21685
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
ProTip!
Advisories are also available from the
GraphQL API