GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
102 advisories
Password stored in plain text by Jenkins Publish Over SSH Plugin
Low
CVE-2022-23114
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Improper Privilege Management in com.xuxueli:xxl-job
High
CVE-2022-36157
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 20, 2022
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
SQL injection in jeecgboot
Critical
CVE-2023-40989
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Sep 22, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Cross-site Scripting in OpenCRX
Moderate
CVE-2023-40813
was published
for
org.opencrx:opencrx-core-models
(Maven)
Nov 18, 2023
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Apache Tomcat Directory Traversal vulnerability
Moderate
CVE-2009-2693
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2009-2901
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
Moderate
CVE-2009-2902
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Cross-site scripting in Apache ActiveMQ
Low
CVE-2010-0684
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Denial of Service in Apache Tomcat
Moderate
CVE-2012-0022
was published
for
org.apache.tomcat:tomcat
(Maven)
May 4, 2022
Directory Traversal in Apache Tomcat
Moderate
CVE-2008-5515
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Uncontrolled Resource Consumption in Apache Commons Compress
Moderate
CVE-2012-2098
was published
for
org.apache.commons:commons-compress
(Maven)
May 13, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat vulnerable to Cross-site Scripting
Low
CVE-2007-2450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat Directory Traversal vulnerability
Moderate
CVE-2008-2938
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Geronimo Application Server CSRF vulnerabilities
Moderate
CVE-2009-0039
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2009-0038
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate
CVE-2018-1324
was published
for
com.liferay:com.liferay.portal.tools.bundle.support
(Maven)
Mar 14, 2019
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
High
CVE-2018-1274
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
ProTip!
Advisories are also available from the
GraphQL API