GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
Arbitrary code execution in Apache Struts 2 (High): CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Code injection in Apache Struts (High): CVE-2013-2115 was published for org.apache.struts.xwork:xwork-core (Maven), May 13, 2022
Arbitrary code execution in Apache Struts (High): CVE-2013-1966 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist (Moderate): CVE-2012-0392 was published for org.apache.struts.xwork:xwork-core (Maven), May 4, 2022
Denial of service in Apache Struts (Moderate): CVE-2012-4387 was published for org.apache.struts.xwork:xwork-core (Maven), May 17, 2022
Apache Struts Code injection due to conversion error (High): CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
Apache Struts Remote Java Code Execution (High): CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven), May 4, 2022
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* (High): CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven), Oct 19, 2018
Session Fixation in Apache CXF (High): CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Certificate Validation in Apache CXF (Moderate): CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Covert Timing Channel in Apache CXF (High): CVE-2017-3156 was published for org.apache.cxf.karaf:apache-cxf (Maven), May 13, 2022
Improper Input Validation in Apache CXF (Moderate): CVE-2017-12624 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS (High): CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache CXF (Moderate): CVE-2016-6812 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Access Control in Apache CXF (Moderate): CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven), May 13, 2022
Uncontrolled Resource Consumption in Apache CXF (Moderate): CVE-2014-0110 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Uncontrolled Resource Consumption in Apache CXF (Moderate): CVE-2014-0109 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF (Moderate): CVE-2014-0035 was published for org.apache.cxf:cxf-core (Maven), May 13, 2022
Improper Input Validation in Apache CXF (Moderate): CVE-2014-0034 was published for org.apache.cxf:cxf-rt-ws-security (Maven), May 13, 2022
Improper Authentication in Apache CXF (Moderate): CVE-2013-0239 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven), May 5, 2022
Improper Authentication in Apache CXF (Moderate): CVE-2012-5633 was published for org.apache.cxf:cxf (Maven), May 13, 2022
Remote web-service operation execution in Apache CXF (High): CVE-2012-3451 was published for org.apache.cxf:cxf (Maven), May 13, 2022
XML Signature/Encryption Not Validated in Apache CXF (High): CVE-2012-2379 was published for org.apache.cxf:cxf (Maven), May 13, 2022
Cross-site request forgery in Apache ActiveMQ (Moderate): CVE-2010-1244 was published for org.apache.activemq:activemq-parent (Maven), May 2, 2022
Apache is vulnerable to XXE in XSD validation processor (Critical): CVE-2018-8027 was published for org.apache.camel:camel-core (Maven), Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API.