
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader Moderate
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
sunSUNQ
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode Moderate
CVE-2012-0394 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
sunSUNQ
Robocode Arbitrary Code Execution Moderate
CVE-2007-6382 was published for net.sf.robocode:robocode.core (Maven) May 1, 2022
Mortbay Jetty CRLF Injection Vulnerability Moderate
CVE-2007-5615 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Apache Tomcat Unrestricted file upload vulnerability Moderate
CVE-2013-4444 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Apache Syncope JEXL Code Injection Moderate
CVE-2014-0111 was published for org.apache.syncope:syncope (Maven) May 14, 2022
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
XStream is vulnerable to a Remote Command Execution attack Moderate
CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Improper Control of Generation of Code in HawtJNI Moderate
CVE-2013-2035 was published for org.fusesource.hawtjni:hawtjni-runtime (Maven) May 17, 2022
Improper Control of Generation of Code in Apache Kafka Moderate
CVE-2018-1288 was published for org.apache.kafka:kafka (Maven) May 13, 2022
Improper Control of Generation of Code in Spring Security Moderate
CVE-2011-2732 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022