GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5,241 advisories
Spring MVC controller vulnerable to a DoS attack
Moderate
CVE-2024-38828
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 18, 2024
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 2, 2024
Apache Hadoop allows local user to gain root privileges
High
CVE-2023-26031
was published
for
org.apache.hadoop:hadoop-yarn-project
(Maven)
Nov 16, 2023
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 20, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low
CVE-2024-56512
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 28, 2024
hutool Buffer Overflow vulnerability
High
CVE-2023-42278
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 17, 2024
ProTip!
Advisories are also available from the
GraphQL API