Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31 advisories

Loading
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views High
CVE-2016-4977 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
SunBK201
Moderate severity vulnerability that affects org.apache.commons:commons-compress Moderate
CVE-2018-11771 was published for org.apache.commons:commons-compress (Maven) Oct 19, 2018
SunBK201
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
Arbitrary code execution in Apache Commons BeanUtils High
CVE-2014-0114 was published for commons-beanutils:commons-beanutils (Maven) Jun 10, 2020
SunBK201
Denial of Service in Spring Framework High
CVE-2018-15756 was published for org.springframework:spring-core (Maven) Jun 15, 2020
SunBK201
Security Constraint Bypass in Spring Security High
CVE-2016-9879 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
SunBK201
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 High
CVE-2020-36320 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
SunBK201
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2021-35043 was published for org.owasp.antisamy:antisamy (Maven) Aug 2, 2021
SunBK201
Denial of service in DataCommunicator class in Vaadin 8 Moderate
CVE-2021-33609 was published for com.vaadin:vaadin-server (Maven) Oct 13, 2021
SunBK201
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22095 was published for org.springframework.amqp:spring-amqp (Maven) Dec 1, 2021
SunBK201
Denial of Service in Apache James High
CVE-2021-40110 was published for org.apache.james:james-server (Maven) Jan 8, 2022
SunBK201
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad Moderate
CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) Mar 5, 2022
SunBK201
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
Denial of service in Spring Security OAuth2 Moderate
CVE-2022-22969 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Apr 22, 2022
ebickle SunBK201
Improper Neutralization of Input During Web Page Generation in Spring Framework Moderate
CVE-2013-6430 was published for org.springframework:spring-web (Maven) May 5, 2022
sunSUNQ SunBK201
Loop with Unreachable Exit Condition in Apache CXF Moderate
CVE-2014-3584 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
sunSUNQ SunBK201
ProTip! Advisories are also available from the GraphQL API