GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
47 advisories
Temporary Directory Hijacking Vulnerability in Keycloak
High
CVE-2021-20202
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Netflix/Priam: Temporary Directory Information Disclosure
Moderate
CVE-2021-28100
was published
for
com.netflix.priam:priam
(Maven)
Mar 30, 2021
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Low
CVE-2021-21363
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
Local Information Disclosure Vulnerability
Low
CVE-2021-21331
was published
for
com.datadoghq:datadog-api-client
(Maven)
Mar 3, 2021
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Moderate
CVE-2022-36007
was published
for
com.github.jlangch:venice
(Maven)
Aug 18, 2022
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Moderate
CVE-2022-37423
was published
for
org.neo4j.procedure:apoc
(Maven)
Aug 12, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
ProTip!
Advisories are also available from the
GraphQL API