GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23 advisories
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
stereoscope vulnerable to tar path traversal when processing OCI tar archives Moderate
CVE-2024-24579 was published for github.com/anchore/stereoscope (Go) Jan 31, 2024
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Hazelcast vulnerable to unmasked password exposure Moderate
CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven) May 22, 2023
Spring Security logout not clearing security context Moderate
CVE-2023-20862 was published for org.springframework.security:spring-security-core (Maven) Apr 19, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
Apache James MIME4J vulnerable to information disclosure to local users Moderate
CVE-2022-45787 was published for org.apache.james:apache-mime4j-storage (Maven) Jan 6, 2023
SmallRye Health UI Cross-site Scripting vulnerability Moderate
CVE-2021-3914 was published for io.smallrye:smallrye-health-ui (Maven) Aug 26, 2022
pg-native and libpq vulnerable to uncontrolled resource consumption High
CVE-2022-25852 was published for libpq (npm) Jun 18, 2022
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Secret insertion into debug log in Docker High
CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022
jersey: XXE via parameter entities High
CVE-2014-3643 was published for com.sun.jersey:jersey-core (Maven) May 17, 2022
lxml Cross-site Scripting Via Control Characters Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
Cross-site request forgery vulnerability in Jenkins Nomad Plugin Moderate
CVE-2019-1003092 was published for org.jenkins-ci.plugins:nomad (Maven) May 13, 2022
Directory traversal in Mort Bay Jetty Moderate
CVE-2009-1523 was published for org.mortbay.jetty:jetty (Maven) May 2, 2022
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 • withdrawn
Origin Validation Error in Apache Maven Critical
CVE-2021-26291 was published for org.apache.maven:maven-compat (Maven) Jun 16, 2021
Improper Input Validation in Spring Framework Moderate
CVE-2020-5421 was published for org.springframework:spring-framework-bom (Maven) Apr 30, 2021
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018