Browse Security Advisories
Security Advisories for org.apache.struts:struts2-core for https://github.com/apache/struts Clear Filters
Critical
8 months ago
Apache Struts file upload logic is flawed
maven
org.apache.struts:struts2-core
Critical
over 1 year ago
Apache Struts vulnerable to path traversal
maven
org.apache.struts:struts2-core
High
over 1 year ago
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
maven
org.apache.struts:struts2-core
Moderate
about 2 years ago
Apache Struts vulnerable to memory exhaustion
maven
org.apache.struts:struts2-core
High
about 2 years ago
Apache Struts vulnerable to memory exhaustion
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts is vulnerable to Cross-site Scripting
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts directory traversal vulnerability
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts2 Broken Access Control Vulnerability
maven
org.apache.struts:struts2-core
High
over 3 years ago
Code injection in Apache Struts
maven
org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Critical
over 3 years ago
Apache Struts improper action name cleanup
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts vulnerable to possible DoS attack when using URLValidator
maven
org.apache.struts:struts2-core
High
over 3 years ago
Incomplete exclude pattern in Apache Struts
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts vulnerable to possible DoS attack when using URLValidator
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
Cross-Site Request Forgery in Apache Struts
maven
org.apache.struts:struts2-core
High
over 3 years ago
Arbitrary code execution in Apache Struts 2
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Moderate
over 3 years ago
Cross-site Scripting in Apache Struts
maven
org.apache.struts:struts2-core
High
over 3 years ago
Arbitrary code execution in Apache Struts 2
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
over 3 years ago
Apache Struts Code injection due to conversion error
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
over 3 years ago
Improper Control of Generation of Code in Apache Struts
maven
org.apache.struts:struts2-core
Moderate
over 3 years ago
ClassLoader manipulation in Apache Struts
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
over 3 years ago
Arbitrary code execution in Apache Struts
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Critical
over 3 years ago
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
maven
org.apache.struts:struts2-core
High
over 3 years ago
ClassLoader manipulation in Apache Struts
maven
org.apache.struts:struts2-core
Critical
over 3 years ago
Arbitrary code execution in Apache Struts 2
maven
org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
High
over 3 years ago
Code injection in Apache Struts
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Moderate
over 3 years ago
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
maven
org.apache.struts:struts2-core, org.apache.struts.xwork:xwork-core
High
over 3 years ago
Apache Struts Remote Java Code Execution
maven
org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
over 3 years ago
Unrestricted Upload of File with Dangerous Type in Apache Struts2
maven
org.apache.struts:struts2-core
High
almost 7 years ago
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
maven
org.apache.struts:struts2-core
High
almost 7 years ago
Spring AOP functionality (Struts) vulnerable to DoS attack
maven
org.apache.struts:struts2-core
Critical
almost 7 years ago
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
maven
org.apache.struts:struts2-core
Filter by Severity
Filter by Ecosystem
maven
6,774
packagist
5,383
pypi
4,882
npm
4,236
go
2,875
nuget
1,702
cargo
1,075
rubygems
928
hex
37
swift
36
actions
34
pub
10
Filter by Package
tensorflow
433
tensorflow-gpu
427
tensorflow-cpu
423
moodle/moodle
418
magento/community-edition
301
Microsoft.ChakraCore
247
org.jenkins-ci.main:jenkins-core
239
typo3/cms
190
com.liferay.portal:release.portal.bom
138
org.apache.tomcat:tomcat
138
com.liferay.portal:release.dxp.bom
123
github.com/mattermost/mattermost/server/v8
123
pimcore/pimcore
120
dolibarr/dolibarr
116
typo3/cms-core
111
phpmyadmin/phpmyadmin
107
Django
107
microweber/microweber
103
drupal/core
103
magento/project-community-edition
101
silverstripe/framework
92
apache-airflow
85
librenms/librenms
83
drupal/drupal
83
thorsten/phpmyfaq
73
Plone
72
symfony/symfony
69
com.fasterxml.jackson.core:jackson-databind
69
concrete5/concrete5
67
github.com/usememos/memos
66
salt
65
ansible
63
apache-superset
61
actionpack
61
shopware/platform
58
org.apache.struts:struts2-core
57
github.com/grafana/grafana
56
mlflow
53
craftcms/cms
52
org.keycloak:keycloak-core
50
github.com/hashicorp/vault
48
nova
48
baserproject/basercms
47
django
46
nokogiri
46
org.apache.tomcat.embed:tomcat-embed-core
46
shopware/core
45
vyper
44
mautic/core
44
gradio
44
github.com/rancher/rancher
44
org.xwiki.platform:xwiki-platform-oldcore
43
rdiffweb
42
org.keycloak:keycloak-services
42
nilsteampassnet/teampass
42
matrix-synapse
42
showdoc/showdoc
41
org.elasticsearch:elasticsearch
41
k8s.io/kubernetes
41
plone
41
mantisbt/mantisbt
41
froxlor/froxlor
40
github.com/mattermost/mattermost-server/v6
39
intelliants/subrion
39
directus
39
github.com/mattermost/mattermost-server
37
com.thoughtworks.xstream:xstream
37
net.mingsoft:ms-mcms
36
com.jfinal:jfinal
36
snipe/snipe-it
36
moin
35
io.undertow:undertow-core
34
zendframework/zendframework1
34
org.jenkins-ci.plugins:script-security
34
github.com/answerdev/answer
34
gogs.io/gogs
33
parse-server
33
keystone
32
github.com/docker/docker
31
github.com/cilium/cilium
31
opencv-contrib-python
31
github.com/argoproj/argo-cd
31
github.com/hashicorp/nomad
31
github.com/argoproj/argo-cd/v2
31
opencv-python
31
shopware/shopware
30
getgrav/grav
30
Pillow
29
rack
29
github.com/hashicorp/consul
29
electron
28
mediawiki/core
28
pillow
28
org.apache.solr:solr-core
28
org.opencms:opencms-core
27
centreon/centreon
27
org.springframework.security:spring-security-core
26
prestashop/prestashop
26
next
26
openssl-src
26
github.com/traefik/traefik/v2
25
rubygems-update
25
org.eclipse.jetty:jetty-server
25
contao/core-bundle
25
vllm
25
open-webui
25
pocketmine/pocketmine-mp
24
surrealdb
24
org.keycloak:keycloak-parent
24
getkirby/cms
24
magento/core
24
org.bouncycastle:bcprov-jdk14
23
puppet
23
laravel/framework
23
phpoffice/phpexcel
23
remdex/livehelperchat
23
simplesamlphp/simplesamlphp
23
zendframework/zendframework
23
grumpydictator/firefly-iii
23
pyload-ng
23
org.apache.tomcat:tomcat-catalina
22
ckb
22
Microsoft.AspNetCore.App.Runtime.win-x86
22
Microsoft.AspNetCore.App.Runtime.win-x64
22
tribalsystems/zenario
22
org.apache.openmeetings:openmeetings-parent
22
DotNetNuke.Core
22
activerecord
22
@openzeppelin/contracts-upgradeable
22
glance
21
@openzeppelin/contracts
21
github.com/goharbor/harbor
21
phpoffice/phpspreadsheet
21
github.com/ethereum/go-ethereum
21
helm.sh/helm/v3
21
Microsoft.AspNetCore.App.Runtime.win-arm
21
org.apache.nifi:nifi
21
org.apache.tomcat:tomcat-coyote
20
langchain
20
golang.org/x/net
20
funadmin/funadmin
20
org.cloudfoundry.identity:cloudfoundry-identity-server
20
code.gitea.io/gitea
20
cockpit-hq/cockpit
20
aim
20
org.xwiki.platform:xwiki-platform-web-templates
20
wasmtime
20
Microsoft.AspNetCore.App.Runtime.linux-arm64
19
deno
19
Microsoft.AspNetCore.App.Runtime.linux-arm
19
Microsoft.AspNetCore.App.Runtime.win-arm64
19
Microsoft.AspNetCore.App.Runtime.osx-x64
19
Microsoft.AspNetCore.App.Runtime.linux-x64
19
github.com/zitadel/zitadel
19
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
19
neutron
19
topthink/framework
19
mercurial
18
forkcms/forkcms
18
cobbler
18
org.apache.jspwiki:jspwiki-main
18
contao/contao
18
genix/cms
18
com.vaadin:vaadin-bom
18
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
18
mindsdb
18
org.apache.inlong:manager-pojo
17
typo3/cms-backend
17
yetiforce/yetiforce-crm
17
francoisjacquet/rosariosis
17
cakephp/cakephp
17
org.apache.geode:geode-core
17
org.springframework:spring-core
17
symfony/security
17
opencart/opencart
17
github.com/openfga/openfga
17
calibreweb
17
notebook
17
ezsystems/ezpublish-kernel
17
openmage/magento-lts
17
cryptography
17
flowise
17
OctoPrint
17
github.com/traefik/traefik/v3
17
Microsoft.NetCore.App.Runtime.win-x64
16
Microsoft.NetCore.App.Runtime.win-x86
16
paddlepaddle
16
tinymce
16
Microsoft.NetCore.App.Runtime.win-arm64
16
transformers
16
Microsoft.NetCore.App.Runtime.win-arm
16
rusqlite
16
october/system
16
org.bouncycastle:bcprov-jdk15
16
lollms
16
sequelize
16
org.apache.ranger:ranger
16
org.apache.activemq:activemq-client
16
org.apache.dubbo:dubbo
16
PaddlePaddle
16