Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
Cloud Foundry UAA Privilege Escalation High
CVE-2018-15761 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Moderate
CVE-2018-6356 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ
Deserialization of Untrusted Data High
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
sunSUNQ
jackson-databind Deserialization of Untrusted Data vulnerability High
CVE-2018-12022 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 25, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 16, 2019
sunSUNQ
jackson-databind is vulnerable to a deserialization flaw Critical
CVE-2017-7525 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass Critical
CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
Blind SQL Injection with privileged Cloud Foundry UAA endpoints Moderate
CVE-2017-4974 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Privilege Escalation High
CVE-2017-4973 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA privilege escalation with user invitations Critical
CVE-2017-4992 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Denial of Service through client token revocation endpoint Moderate
CVE-2017-8031 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Identity Zone Admin Privilege Escalation Moderate
CVE-2017-8032 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2014-0230 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat does not properly handle an invalid Transfer-Encoding header Moderate
CVE-2010-2227 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Access Control in Apache Tomcat High
CVE-2016-0714 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Cloud Foundry denial of service vulnerability High
CVE-2017-4960 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry vulnerable to Cross-Site Request Forgery Critical
CVE-2016-6637 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Cloud Foundry UAA reset password vulnerable to brute force attack High
CVE-2016-3084 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Critical
CVE-2015-5172 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime Insufficient Session Expiration vulnerability Critical
CVE-2015-5171 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability High
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Low
CVE-2015-3189 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database