GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
138 advisories
Django denial-of-service vulnerability in internationalized URLs
High
CVE-2022-41323
was published
for
django
(pip)
Oct 16, 2022
Django DoS in django.views.static.serve
High
CVE-2015-0221
was published
for
Django
(pip)
May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack
High
CVE-2015-5144
was published
for
Django
(pip)
May 17, 2022
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2012-3444
was published
for
Django
(pip)
May 17, 2022
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
High
CVE-2017-15720
was published
for
apache-airflow
(pip)
Jan 25, 2019
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
High
CVE-2017-9805
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Unrestricted Upload of File with Dangerous Type Apache Tomcat
High
CVE-2017-12617
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10672
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2020-17527
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-5647
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API