Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
Spring Framework allows applications to expose STOMP over WebSocket endpoints Critical
CVE-2018-1270 was published for org.springframework:spring-core (Maven) Oct 17, 2018
Java: DoS Vulnerability in JSON-JAVA High
CVE-2023-5072 was published for org.json:json (Maven) Nov 14, 2023
eamonnmcmanus
Inconsistent documentation in Apache Tomcat Moderate
CVE-2017-15706 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Client Spoofing within the Keycloak Device Authorisation Grant Low
CVE-2023-2585 was published for org.keycloak:keycloak-server-spi-private (Maven) Jun 30, 2023
Improperly Implemented Security Check for Standard in org.springframework:spring-core Critical
CVE-2018-1275 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Ansible apt_key module does not properly verify key fingerprint High
CVE-2016-8614 was published for ansible (pip) Oct 10, 2018
In marshmallow library the schema "only" option treats an empty list as implying no "only" option Moderate
CVE-2018-17175 was published for marshmallow (pip) Oct 10, 2018
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-node (pip) Nov 14, 2023
ProTip! Advisories are also available from the GraphQL API