Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications Moderate
CVE-2007-5342 was published for org.apache.tomcat:tomcat-juli (Maven) May 1, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Access Control in Apache CXF Moderate
CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven) May 13, 2022
sunSUNQ
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache Tomcat does not follow ServletSecurity annotations Moderate
CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Improper Access Control in JBoss mod_cluster Moderate
CVE-2012-1154 was published for org.jboss.mod_cluster:mod_cluster (Maven) May 17, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm Moderate
CVE-2023-26473 was published for org.xwiki.platform:xwiki-platform-web (Maven) Mar 3, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro Moderate
CVE-2023-29513 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
Liferay portal has unauthorized access to object definition via search Moderate
CVE-2023-33947 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Liferay portal unauthorized access to objects via OAuth 2 scope Moderate
CVE-2023-33946 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
PlantUML Improper Access Control vulnerability Moderate
CVE-2023-3431 was published for net.sourceforge.plantuml:plantuml-mit (Maven) Jun 27, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud Moderate
CVE-2023-36820 was published for io.micronaut.security:micronaut-security-oauth2 (Maven) Oct 5, 2023
tommyli
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API