GitHub Advisory Database
1,969 advisories
Filter by severity
Denial of Service in Tomcat
CVE-2019-0199
(Moderate severity)
was published Jun 15, 2020
•
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Improper Input Validation in Tomcat
CVE-2020-1938
(High severity)
was published Jun 15, 2020
•
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Denial of service in Apache Xerces2
CVE-2009-2625
(Moderate severity)
was published Jun 15, 2020
•
xerces:xercesImpl
(Maven)
Denial of service in Apache Xerces2
CVE-2012-0881
(Low severity)
was published Jun 15, 2020
•
xerces:xercesImpl
(Maven)
Improper Input Validation in jackson-databind
CVE-2019-17267
(Critical severity)
was published Jun 15, 2020
•
com.fasterxml.jackson.core:jackson-databind
(Maven)
Deserialization of Untrusted Data
CVE-2018-12023
(High severity)
was published Jun 15, 2020
•
com.fasterxml.jackson.core:jackson-databind
(Maven)
Deserialization of Untrusted Data in jackson-databind
CVE-2018-12022
(High severity)
was published Jun 15, 2020
•
com.fasterxml.jackson.core:jackson-databind
(Maven)
SSB-DB#get() is decrypting messages by default
CVE-2020-4045
(High severity)
was published Jun 11, 2020
•
ssb-db
(npm)
Insufficient Entropy in Spring Security
CVE-2020-5408
(Moderate severity)
was published Jun 15, 2020
•
org.springframework.security:spring-security-core
(Maven)
Denial of Service in Spring Framework
CVE-2018-15756
(High severity)
was published Jun 15, 2020
•
org.springframework:spring-core
(Maven)
Denial of Service in Netty
CVE-2020-11612
(High severity)
was published Jun 15, 2020
•
io.netty:netty-handler
(Maven)
Malformed TAA in a transaction causes view change
CVE-2020-11090
(High severity)
was published Jun 11, 2020
•
indy-node
(pip)
Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0114
(High severity)
was published Jun 10, 2020
•
commons-beanutils:commons-beanutils
(Maven)
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112
(Moderate severity)
was published Jun 10, 2020
•
com.fasterxml.jackson.core:jackson-databind
(Maven)
Information disclosure in JBoss Weld
CVE-2014-8122
(Moderate severity)
was published Jun 10, 2020
•
org.jboss.weld:weld-core-bom
(Maven)
Command injection in umount
CVE-2020-7628
(High severity)
was published Jun 10, 2020
•
umount
(npm)
Prototype pollution in ini-parser
CVE-2020-7617
(High severity)
was published Jun 10, 2020
•
ini-parser
(npm)
Phar unserialization vulnerability
CVE-2020-4043
(High severity)
was published Jun 10, 2020
•
phpmussel/phpmussel
(Composer)
SQL Injection in Geocoder
CVE-2020-7981
(High severity)
was published Jun 10, 2020
•
geocoder
(RubyGems)
Denial of Service in Cryptacular
CVE-2020-7226
(Moderate severity)
was published Jun 10, 2020
•
org.cryptacular:cryptacular
(Maven)
Validation Bypass in schema-inspector
CVE-2019-10781
(High severity)
was published Jun 10, 2020
•
schema-inspector
(npm)
Insecure Deserialization in Apache XML-RPC
CVE-2019-17570
(High severity)
was published Jun 10, 2020
•
org.apache.xmlrpc
(Maven)
Reflected Cross-Site Scripting in Apache CXF
CVE-2019-17573
(Moderate severity)
was published Jun 10, 2020
•
org.apache.cxf:apache-cxf
(Maven)
The filename of uploaded files vulnerable to stored XSS
CVE-2020-4041
(Moderate severity)
was published Jun 9, 2020
•
bolt/bolt
(Composer)
CSRF issue on preview pages
CVE-2020-4040
(High severity)
was published Jun 9, 2020
•
bolt/bolt
(Composer)
ProTip! Advisories are also available from the
GraphQL API.