GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
155 advisories
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
Moderate
CVE-2012-0392
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
Moderate
CVE-2012-0393
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2013-6430
was published
for
org.springframework:spring-web
(Maven)
May 5, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2013-0239
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 5, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22971
was published
for
org.springframework:spring-messaging
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Moderate
CVE-2018-6356
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Observable Discrepancy in Apache Tomcat
Moderate
CVE-2016-0762
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
System Property Disclosure in Apache Tomcat
Moderate
CVE-2016-6794
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Cross-Site Request Forgery in Spring Framework
Moderate
CVE-2014-0054
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
Cross-Site Request Forgery in Spring Framework
Moderate
CVE-2013-4152
was published
for
org.springframework:spring-oxm
(Maven)
May 13, 2022
Missing XML Validation in Spring Framework
Moderate
CVE-2013-7315
was published
for
org.springframework:spring-oxm
(Maven)
May 13, 2022
Cross-Site Request Forgery in Spring Framework
Moderate
CVE-2013-6429
was published
for
org.springframework:spring-web
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Moderate
CVE-2014-3625
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
Blind SQL Injection with privileged Cloud Foundry UAA endpoints
Moderate
CVE-2017-4974
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA Identity Zone Admin Privilege Escalation
Moderate
CVE-2017-8032
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Improper Certificate Validation in Apache CXF
Moderate
CVE-2017-5653
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache CXF
Moderate
CVE-2014-0109
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper Input Validation in Apache CXF
Moderate
CVE-2014-0034
was published
for
org.apache.cxf:cxf-rt-ws-security
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache CXF
Moderate
CVE-2016-6812
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper Input Validation in Apache CXF
Moderate
CVE-2017-12624
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Improper Access Control in Apache CXF
Moderate
CVE-2015-5253
was published
for
org.apache.cxf:cxf-rt-rs-security-sso-saml
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache CXF
Moderate
CVE-2014-0110
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API