GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
349 advisories
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Critical
CVE-2018-19362
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
High
CVE-2017-15720
was published
for
apache-airflow
(pip)
Jan 25, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2018-20244
was published
for
apache-airflow
(pip)
Mar 6, 2019
jackson-databind Deserialization of Untrusted Data vulnerability
High
CVE-2018-12022
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 25, 2019
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
High
CVE-2019-0222
was published
for
org.apache.activemq:activemq-client
(Maven)
Apr 2, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2019-0216
was published
for
apache-airflow
(pip)
Apr 12, 2019
Information exposure in FasterXML jackson-databind
High
CVE-2019-12086
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 23, 2019
Cross-site scripting in Apache Tomcat
Moderate
CVE-2019-0221
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 30, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
Improper Locking in Apache Tomcat
High
CVE-2019-10072
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 26, 2019
Deserialization of Untrusted Data in FasterXML jackson-databind
Moderate
CVE-2019-12384
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 5, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Moderate
CVE-2019-12814
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 17, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-14540
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
DOS attack in Pillow when processing specially crafted image files
High
CVE-2019-16865
was published
for
pillow
(pip)
Oct 22, 2019
Polymorphic Typing in FasterXML jackson-databind
Critical
CVE-2019-16942
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 28, 2019
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
airflow
(pip)
Nov 22, 2019
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
High
CVE-2020-5398
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10672
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
ProTip!
Advisories are also available from the
GraphQL API