GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
Moderate
CVE-2026-34500
was published
for
org.apache.tomcat:tomcat-coyote-ffm
(Maven)
Apr 9, 2026
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
High
CVE-2026-34487
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 9, 2026
Apache Tomcat: Configured cipher preference order not preserved
High
CVE-2026-29129
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
High
CVE-2026-24880
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
Critical
CVE-2026-29145
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 9, 2026
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Low
CVE-2025-55754
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 27, 2025
Apache Tomcat Vulnerable to Relative Path Traversal
High
CVE-2025-55752
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 27, 2025
Apache Tomcat - XSS in generated JSPs
Moderate
CVE-2024-52318
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
Nov 18, 2024
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Apache Tomcat Improper Input Validation vulnerability
Moderate
CVE-2023-45648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate
CVE-2023-42795
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
Moderate
CVE-2023-29922
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Kubernetes vulnerable to validation bypass
High
CVE-2022-3294
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
json stack overflow vulnerability
High
CVE-2022-45688
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
Mapbox is vulnerable to Integer Overflow
High
CVE-2022-38216
was published
for
com.mapbox.mapboxsdk:mapbox-android-core
(Maven)
Aug 17, 2022
XSS vulnerability in Jenkins Markdown Formatter Plugin
Moderate
CVE-2021-21660
was published
for
io.jenkins.plugins:markdown-formatter
(Maven)
May 24, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 9, 2022
Infinite Loop in Apache Tomcat
High
CVE-2020-13935
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Feb 8, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2020-13934
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
Apache Tomcat Denial of Service vulnerability
High
CVE-2019-0199
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
ProTip!
Advisories are also available from the
GraphQL API