Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

71 advisories

Loading
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Spring Framework allows applications to expose STOMP over WebSocket endpoints Critical
CVE-2018-1270 was published for org.springframework:spring-core (Maven) Oct 17, 2018
Improperly Implemented Security Check for Standard in org.springframework:spring-core Critical
CVE-2018-1275 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Template injection in thymeleaf-spring5 Critical
CVE-2021-43466 was published for org.thymeleaf:thymeleaf-spring5 (Maven) Nov 10, 2021
Critical vulnerability found in cron-utils Critical
CVE-2021-41269 was published for com.cronutils:cron-utils (Maven) Nov 15, 2021
NielsDoucet pwntester
Code injection in ShenYu Critical
CVE-2021-45029 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
jbmagination
Code injection in Apache Dubbo Critical
CVE-2021-30181 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Code injection in Apache Dubbo Critical
CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) Mar 18, 2022
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho cdupuis
briandealwis
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression Critical
CVE-2022-22963 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Apr 3, 2022
Tsuki124
Struts ParameterInterceptor vulnerability allows remote command execution Critical
CVE-2011-3923 was published for org.apache.struts:struts2-core (Maven) Apr 22, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console Critical
CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven) May 3, 2022
Richfaces vulnerable to arbitrary code execution Critical
CVE-2018-14667 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin Critical
CVE-2019-10431 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
dbolkensteyn
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin Critical
CVE-2022-34113 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
Arbitrary code execution in Apache Commons Text Critical
CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API