GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Improper file downloads in Apache Tapestry Moderate
CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin Moderate
CVE-2021-21429 was published for org.openapitools:openapi-generator-maven-plugin (Maven) Apr 29, 2021
JLLeitschuh
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Missing authorization in xwiki-platform Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Apache InLong has Files or Directories Accessible to External Parties in Apache InLong Critical
CVE-2023-31066 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Apache InLong has Files or Directories Accessible to External Parties High
CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) Jul 6, 2023
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh timtebeek
Apache Struts vulnerable to path traversal Critical
CVE-2023-50164 was published for org.apache.struts:struts2-core (Maven) Dec 7, 2023
yoshizawa-masatoshi henrikplate
Guava vulnerable to insecure use of temporary directory Moderate
CVE-2023-2976 was published for com.google.guava:guava (Maven) Jun 14, 2023
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Apache Linkis DataSource allows arbitrary file reading High
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis arbitrary file deletion vulnerability High
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024