Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Moderate
CVE-2026-34500 was published for org.apache.tomcat:tomcat-coyote-ffm (Maven) Apr 9, 2026
aruneko Credited to aruneko
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File High
CVE-2026-34487 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
aruneko Credited to aruneko
Apache Tomcat: Configured cipher preference order not preserved High
CVE-2026-29129 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
aruneko Credited to aruneko
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability High
CVE-2026-24880 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
tkwilli94 Credited to tkwilli94 and aruneko aruneko aruneko
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Critical
CVE-2026-29145 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
aruneko Credited to aruneko
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko Credited to aruneko
Apache Tomcat Vulnerable to Relative Path Traversal High
CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko Credited to aruneko and tkwilli94 tkwilli94 tkwilli94
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven) Nov 18, 2024
aruneko Credited to aruneko
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko Credited to aruneko, reva, YukiInu, fnxpt, schmidt-fu, tolmaidis, and LukaszGrzesik reva reva
YukiInu YukiInu fnxpt fnxpt schmidt-fu schmidt-fu tolmaidis tolmaidis LukaszGrzesik LukaszGrzesik
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel Credited to westonsteimel and aruneko aruneko aruneko
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1, mpihelgas, and aruneko mpihelgas mpihelgas
aruneko aruneko
Apache Tomcat Incomplete Cleanup vulnerability Moderate
CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1, mpihelgas, and aruneko mpihelgas mpihelgas
aruneko aruneko
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
achibear Credited to achibear and aruneko aruneko aruneko
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko Credited to aruneko
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko Credited to aruneko and kurt-r2c kurt-r2c kurt-r2c
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer Credited to cokeBeer, aruneko, and tdunlap607 aruneko aruneko
tdunlap607 tdunlap607
json stack overflow vulnerability High
CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
westonsteimel Credited to westonsteimel and aruneko aruneko aruneko
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko Credited to aruneko
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko Credited to aruneko and richardfan0606 richardfan0606 richardfan0606
Mapbox is vulnerable to Integer Overflow High
CVE-2022-38216 was published for com.mapbox.mapboxsdk:mapbox-android-core (Maven) Aug 17, 2022
billyjbryant Credited to billyjbryant and aruneko aruneko aruneko
XSS vulnerability in Jenkins Markdown Formatter Plugin Moderate
CVE-2021-21660 was published for io.jenkins.plugins:markdown-formatter (Maven) May 24, 2022
NotMyFault Credited to NotMyFault and aruneko aruneko aruneko
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2020-11996 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 9, 2022
sunSUNQ Credited to sunSUNQ and aruneko aruneko aruneko
Infinite Loop in Apache Tomcat High
CVE-2020-13935 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Feb 8, 2022
sunSUNQ Credited to sunSUNQ and aruneko aruneko aruneko
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat High
CVE-2020-13934 was published for org.apache.tomcat:tomcat (Maven) Feb 8, 2022
aruneko Credited to aruneko
Apache Tomcat Denial of Service vulnerability High
CVE-2019-0199 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
aruneko Credited to aruneko
ProTip! Advisories are also available from the GraphQL API