GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5,241 advisories
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 20, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low
CVE-2024-56512
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 28, 2024
hutool Buffer Overflow vulnerability
High
CVE-2023-42278
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 17, 2024
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webflux
(Maven)
Sep 13, 2024
Amazon Redshift JDBC Driver vulnerable to SQL Injection
High
CVE-2024-12744
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Dec 26, 2024
ProTip!
Advisories are also available from the
GraphQL API