An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Critical
over 1 year ago

Apache Struts file upload logic is flawed GSA_kwCzR0hTQS00M21xLTZ4bWctMjl2bc4ABCSU

maven org.apache.struts:struts2-core
Critical
over 2 years ago

Apache Struts vulnerable to path traversal GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt

maven org.apache.struts:struts2-core
High
about 3 years ago

Apache Struts vulnerable to memory exhaustion GSA_kwCzR0hTQS00ZzQyLWdxcmctNDYzM84AAz2O

maven org.apache.struts:struts2-core
Moderate
about 3 years ago

Apache Struts vulnerable to memory exhaustion GSA_kwCzR0hTQS04ZjZ4LXY2ODUtZzJ4Y84AAz2D

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

Apache Struts is vulnerable to Cross-site Scripting GSA_kwCzR0hTQS1qZ2NyLTljMnEtcnZwOM4AAgP6

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

Apache Struts directory traversal vulnerability GSA_kwCzR0hTQS13djdnLXhodnctOGhjcM4AAgPc

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

Apache Struts Multiple XSS Vulnerabilities GSA_kwCzR0hTQS01cGdqLXI3YzYtN2M3d84AAf9i

maven org.apache.struts:struts2-parent
Moderate
about 4 years ago

Apache Struts2 Broken Access Control Vulnerability GSA_kwCzR0hTQS1xNXE4LWpnaGYtM3BtM84AAekz

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

Apache Struts XSS Vulnerability GSA_kwCzR0hTQS0yajRxLTlmZmYtMjM2as4AAdCC

maven org.apache.struts:struts2-core
High
about 4 years ago

Code injection in Apache Struts GSA_kwCzR0hTQS1qN2g2LXhyN2ctbTJjNc4AAcrC

maven org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Moderate
about 4 years ago

Open redirect in Apache Struts GSA_kwCzR0hTQS1ycGo5LXI4OTctd2M2cc4AAcSx

maven org.apache.struts:struts2-core
Critical
about 4 years ago

Apache Struts improper action name cleanup GSA_kwCzR0hTQS14bTkyLXYybXEtODQycc4AAa4Q

maven org.apache.struts:struts2-core
High
about 4 years ago

Apache Struts Open Redirect GSA_kwCzR0hTQS13bTh3LXFwMmYtNzI4cc4AAa4R

maven org.apache.struts.xwork:xwork-core
High
about 4 years ago

Apache Struts Access Control Redirect GSA_kwCzR0hTQS12cTc5LW1ncHgtMnd4NM4AAa4S

maven org.apache.struts:struts-parent
Moderate
about 4 years ago

Denial of service in Apache Struts GSA_kwCzR0hTQS1ocmdjLTU0bXYtNThnds4AAaDb

maven org.apache.struts.xwork:xwork-core
High
about 4 years ago

Incomplete exclude pattern in Apache Struts GSA_kwCzR0hTQS1xMmNnLXhmOXAtaDQ1N84AAYyu

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
about 4 years ago

Apache Struts CSRF Vulnerability GSA_kwCzR0hTQS0zOHF3LWo3ODctdjhjMs4AAYUX

maven org.apache.struts.xwork:xwork-core
Moderate
about 4 years ago

XWork in Apache Struts Reveals Sensitive Information GSA_kwCzR0hTQS05Y2NtLWczNjItMnIzNc4AAWMP

maven org.apache.struts.xwork:xwork-core
Moderate
about 4 years ago

Cross-Site Request Forgery in Apache Struts GSA_kwCzR0hTQS1oNHY5LWpmMnItOWg2bc4AAWFk

maven org.apache.struts:struts2-core
High
about 4 years ago

Arbitrary code execution in Apache Struts 2 GSA_kwCzR0hTQS1ncXFtLTU2NGYtdnZ4cc4AAUxj

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
about 4 years ago

Arbitrary code execution in Apache Struts 2 GSA_kwCzR0hTQS1wdzhyLXgycW0tM2g1bc4AAUxe

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Moderate
about 4 years ago

Cross-site Scripting in Apache Struts GSA_kwCzR0hTQS1tM3g2LTl2NmgtNGcyOM4AAUxh

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

ClassLoader manipulation in Apache Struts GSA_kwCzR0hTQS12cndjLXFqbXctNXJqbc4AATRA

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
about 4 years ago

Arbitrary code execution in Apache Struts GSA_kwCzR0hTQS03Mzd3LW1oNTgtY3hqcM4AATQ_

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
High
about 4 years ago

ClassLoader manipulation in Apache Struts GSA_kwCzR0hTQS1obWhxLTM4MnEtbXA1Ns4AATQ0

maven org.apache.struts:struts2-core
Critical
about 4 years ago

Path Traversal in Apache Struts GSA_kwCzR0hTQS00NGh2LWpqeDctcWZqZ84AATQy

maven org.apache.struts:struts2-convention-plugin
Critical
about 4 years ago

Arbitrary code execution in Apache Struts 2 GSA_kwCzR0hTQS00cHJqLXZ3OWotdjZwcs4AATRG

maven org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
High
about 4 years ago

Apache Struts RCE Vulnerability GSA_kwCzR0hTQS04NzZwLTR3Z2MtNzVyeM4AATMB

maven org.apache.struts:struts2-core
Critical
about 4 years ago

Code execution in Apache Struts 1 plugin GSA_kwCzR0hTQS0yOXJtLTY3NTItZ3Z3ds4AAQdV

maven org.apache.struts:struts2-struts1-plugin
High
about 4 years ago

Code injection in Apache Struts GSA_kwCzR0hTQS03Z2htLXJwYzctcDdnNc34jQ

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Critical
about 4 years ago

Code injection in Apache Struts GSA_kwCzR0hTQS00N3FwLTh2OWctMzlocM32gA

maven org.apache.struts:struts2-core
Moderate
about 4 years ago

Apache Struts's CookieInterceptor component does not use the parameter-name whitelist GSA_kwCzR0hTQS0ycHBwLXhqMzQtdnZmN83e3A

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Critical
about 4 years ago

Apache Struts Remote Java Code Execution GSA_kwCzR0hTQS00d3JyLTloNXItbTkyd83e2w

maven org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core

Filter by Severity

Filter by Source

Filter by Ecosystem

Filter by Package

openclaw 591 moodle/moodle 437 tensorflow 433 tensorflow-cpu 405 tensorflow-gpu 394 magento/community-edition 361 org.jenkins-ci.main:jenkins-core 252 Microsoft.ChakraCore 247 github.com/mattermost/mattermost/server/v8 199 github.com/mattermost/mattermost-server 175 typo3/cms 162 org.apache.tomcat:tomcat 157 com.liferay.portal:release.portal.bom 151 wwbn/avideo 144 Magick.NET-Q16-AnyCPU 132 pimcore/pimcore 132 Magick.NET-Q16-HDRI-AnyCPU 129 apache-airflow 127 dolibarr/dolibarr 126 Magick.NET-Q16-HDRI-OpenMP-arm64 124 Magick.NET-Q16-HDRI-x86 123 com.liferay.portal:release.dxp.bom 123 Magick.NET-Q16-HDRI-arm64 121 Magick.NET-Q16-HDRI-x64 121 Magick.NET-Q16-OpenMP-arm64 120 typo3/cms-core 120 concrete5/concrete5 120 Magick.NET-Q16-OpenMP-x64 119 Magick.NET-Q16-arm64 119 magento/project-community-edition 119 Magick.NET-Q16-x86 118 Magick.NET-Q8-AnyCPU 117 parse-server 116 craftcms/cms 116 Magick.NET-Q16-x64 112 Magick.NET-Q8-OpenMP-arm64 112 open-webui 112 Magick.NET-Q8-arm64 111 Magick.NET-Q8-x86 111 Magick.NET-Q8-OpenMP-x64 109 drupal/core 107 phpmyadmin/phpmyadmin 107 Django 107 thorsten/phpmyfaq 105 microweber/microweber 105 Magick.NET-Q8-x64 105 librenms/librenms 100 n8n 100 org.keycloak:keycloak-services 97 silverstripe/framework 90 symfony/symfony 89 Magick.NET-Q16-HDRI-OpenMP-x64 89 flowise 86 mlflow 78 com.fasterxml.jackson.core:jackson-databind 76 github.com/usememos/memos 75 gogs.io/gogs 75 mantisbt/mantisbt 74 shopware/platform 74 drupal/drupal 72 getgrav/grav 69 salt 67 apache-superset 66 ansible 65 Magick.NET-Q16-OpenMP-x86 64 shopware/core 64 github.com/grafana/grafana 62 github.com/rancher/rancher 61 org.apache.struts:struts2-core 59 picklescan 59 actionpack 59 github.com/siyuan-note/siyuan/kernel 58 vllm 58 mautic/core 57 snipe/snipe-it 57 baserproject/basercms 56 directus 56 org.apache.tomcat.embed:tomcat-embed-core 56 nokogiri 56 next 55 froxlor/froxlor 55 github.com/hashicorp/vault 55 Plone 54 nocodb 54 surrealdb 52 admidio/admidio 50 org.keycloak:keycloak-core 50 rack 50 gradio 49 nova 49 django 49 perl 48 pyload-ng 48 getkirby/cms 47 electron 47 org.xwiki.platform:xwiki-platform-oldcore 46 matrix-synapse 45 github.com/traefik/traefik/v2 45 vyper 44 org.elasticsearch:elasticsearch 44 aiohttp 44 vm2 43 code.gitea.io/gitea 43 rdiffweb 43 showdoc/showdoc 42 nilsteampassnet/teampass 42 DBD-SQLite 42 k8s.io/kubernetes 42 intelliants/subrion 41 phpmyfaq/phpmyfaq 41 github.com/traefik/traefik/v3 41 plone 41 hono 40 praisonai 39 keystone 39 wasmtime 39 net.mingsoft:ms-mcms 39 io.undertow:undertow-core 39 github.com/mattermost/mattermost-server/v6 38 github.com/zitadel/zitadel 38 statamic/cms 37 com.thoughtworks.xstream:xstream 37 github.com/cilium/cilium 37 github.com/argoproj/argo-cd/v2 37 MT 37 PraisonAI 37 ci4-cms-erp/ci4ms 36 github.com/filebrowser/filebrowser/v2 36 com.jfinal:jfinal 36 DotNetNuke.Core 36 deno 36 moin 35 github.com/hashicorp/nomad 34 org.jenkins-ci.plugins:script-security 34 github.com/answerdev/answer 34 pillow 34 github.com/docker/docker 33 kimai/kimai 33 org.apache.tomcat:tomcat-catalina 33 axios 33 code.vikunja.io/api 33 shopware/shopware 33 pypdf 33 praisonaiagents 33 zendframework/zendframework1 32 langflow 32 github.com/hashicorp/consul 32 contao/core-bundle 31 opencv-contrib-python 31 org.opencms:opencms-core 31 prestashop/prestashop 31 yeswiki/yeswiki 31 github.com/argoproj/argo-cd 31 opencv-python 31 org.springframework.security:spring-security-core 30 undici 30 org.apache.solr:solr-core 30 pocketmine/pocketmine-mp 30 phpoffice/phpspreadsheet 28 mediawiki/core 28 pnpm 28 Pillow 28 centreon/centreon 27 @anthropic-ai/claude-code 27 github.com/nats-io/nats-server/v2 27 github.com/fleetdm/fleet/v4 27 zebrad 27 github.com/coder/coder/v2 26 github.com/openfga/openfga 26 facturascripts/facturascripts 26 funadmin/funadmin 26 openmage/magento-lts 26 github.com/ethereum/go-ethereum 26 github.com/openbao/openbao 26 org.eclipse.jetty:jetty-server 26 org.keycloak:keycloak-parent 26 cockpit-hq/cockpit 26 dompurify 26 pgadmin4 26 golang.org/x/crypto 25 grumpydictator/firefly-iii 25 openssl-src 25 litellm 25 ghost 25 laravel/framework 25 org.apache.openmeetings:openmeetings-parent 25 rubygems-update 25 org.bouncycastle:bcprov-jdk14 24 openbabel 24 github.com/traefik/traefik 24 twig/twig 24 remdex/livehelperchat 23 puppet 23 github.com/goharbor/harbor 23 typo3/cms-backend 23 magento/core 23 simplesamlphp/simplesamlphp 23 org.xwiki.platform:xwiki-platform-web-templates 23 weblate 23 activerecord 23

Filter by Repository

https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 250 https://github.com/xwiki/xwiki-platform 222 https://github.com/chakra-core/ChakraCore 214 https://github.com/jenkinsci/jenkins 178 https://github.com/liferay/liferay-portal 170 https://github.com/django/django 121 https://github.com/jquery/jquery 118 https://github.com/apache/tomcat 118 https://github.com/pimcore/pimcore 116 https://github.com/apache/airflow 105 https://github.com/TYPO3/typo3 93 https://github.com/keycloak/keycloak 90 https://github.com/microweber/microweber 90 https://github.com/librenms/librenms 77 https://github.com/FasterXML/jackson-databind 70 https://github.com/rails/rails 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 68 https://github.com/silverstripe/silverstripe-framework 68 https://github.com/kubernetes/kubernetes 66 https://github.com/symfony/symfony 64 https://github.com/Dolibarr/dolibarr 60 https://github.com/ansible/ansible 59 https://github.com/mattermost/mattermost 59 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 51 https://github.com/argoproj/argo-cd 50 https://github.com/apache/struts 47 https://github.com/grafana/grafana 47 https://github.com/mautic/mautic 46 https://github.com/rancher/rancher 46 https://github.com/phpmyadmin/phpmyadmin 45 https://github.com/concretecms/concretecms 44 https://github.com/vyperlang/vyper 44 https://github.com/saltstack/salt 42 https://github.com/shopware/platform 42 https://github.com/mantisbt/mantisbt 42 https://github.com/ikus060/rdiffweb 42 https://github.com/craftcms/cms 41 https://github.com/directus/directus 41 https://github.com/shopware/shopware 40 https://github.com/mmaitre314/picklescan 39 https://github.com/star7th/showdoc 39 https://github.com/magento/magento2 38 https://github.com/gradio-app/gradio 38 https://github.com/openstack/nova 38 https://github.com/dotnet/runtime 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/mlflow/mlflow 36 https://github.com/octobercms/october 36 https://github.com/sparklemotion/nokogiri 35 https://github.com/umbraco/Umbraco-CMS 35 https://github.com/parse-community/parse-server 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 34 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/cilium/cilium 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/apache/inlong 31 https://github.com/snipe/snipe-it 30 https://github.com/contao/contao 30 https://github.com/rack/rack 29 https://github.com/erlang/otp 29 https://github.com/gogs/gogs 28 https://github.com/strapi/strapi 28 https://github.com/FlowiseAI/Flowise 28 https://github.com/CVEProject/cvelist 28 https://github.com/electron/electron 28 https://github.com/openstack/keystone 28 https://github.com/netty/netty 27 https://github.com/apache/nifi 26 https://github.com/zitadel/zitadel 26 https://github.com/Perl/perl5 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/github/advisory-database 26 https://github.com/geoserver/geoserver 26 https://github.com/pmmp/PocketMine-MP 25 https://github.com/vercel/next.js 25 https://github.com/surrealdb/surrealdb 25 https://github.com/denoland/deno 25 https://github.com/traefik/traefik 25 https://github.com/langchain-ai/langchain 25 https://github.com/vllm-project/vllm 25 https://github.com/bcgit/bc-java 25 https://github.com/run-llama/llama_index 24 https://github.com/hashicorp/consul 24 https://github.com/apache/cxf 24 https://github.com/pyload/pyload 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/nilsteampassnet/TeamPass 23 https://github.com/bytecodealliance/wasmtime 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/dnnsoftware/Dnn.Platform 23 https://github.com/moby/moby 23 https://github.com/PrestaShop/PrestaShop 23 https://github.com/getkirby/kirby 22 https://github.com/helm/helm 22 https://github.com/PHPOffice/PhpSpreadsheet 22 https://github.com/jenkinsci/script-security-plugin 22 https://github.com/nervosnetwork/ckb 22 https://github.com/undertow-io/undertow 21 https://github.com/goharbor/harbor 21 https://github.com/laravel/framework 21 https://github.com/OpenZeppelin/openzeppelin-contracts 21 https://github.com/hashicorp/vault 21 https://github.com/ethyca/fides 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/opencast/opencast 20 https://github.com/funadmin/funadmin 20 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/huggingface/transformers 19 https://github.com/simplesamlphp/simplesamlphp 19 https://github.com/alkacon/opencms-core 19 https://github.com/TYPO3-CMS/core 19 https://github.com/backstage/backstage 19 https://github.com/containerd/containerd 19 https://github.com/rubygems/rubygems 18 https://github.com/OpenMage/magento-lts 18 https://github.com/apache/camel 18 https://github.com/opencontainers/runc 18 https://github.com/vaadin/platform 18 https://github.com/mindsdb/mindsdb 17 https://github.com/liufee/cms 17 https://github.com/openfga/openfga 17 https://github.com/ethereum/go-ethereum 17 https://github.com/vantage6/vantage6 17 https://github.com/apache/kylin 17 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/sequelize/sequelize 16 https://github.com/pyca/cryptography 16 https://github.com/etcd-io/etcd 16 https://github.com/dotnet/aspnetcore 16 https://github.com/twbs/bootstrap 16 https://github.com/tinymce/tinymce 16 https://github.com/quarkusio/quarkus 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/vitejs/vite 16 https://github.com/hashicorp/nomad 16 https://github.com/spring-projects/spring-security 15 https://github.com/zendframework/zendframework 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/centreon/centreon 15 https://github.com/containers/podman 15 https://github.com/aio-libs/aiohttp 15 https://github.com/puppetlabs/puppet 15 https://github.com/nodejs/undici 15 https://github.com/decidim/decidim 15 https://github.com/cobbler/cobbler 15 https://github.com/sqlite/sqlite 15 https://github.com/xuxueli/xxl-job 15 https://github.com/dompdf/dompdf 15 https://github.com/thorsten/phpMyFAQ 15 https://github.com/ckeditor/ckeditor4 15 https://github.com/drupal/core 15 https://github.com/OPCFoundation/UA-.NETStandard 15 https://github.com/MobSF/Mobile-Security-Framework-MobSF 15 https://github.com/rails/rails-html-sanitizer 14 https://github.com/TryGhost/Ghost 14 https://github.com/dpgaspar/Flask-AppBuilder 14 https://github.com/apache/zeppelin 14 https://github.com/golang/go 14 https://github.com/ImageMagick/ImageMagick 14 https://github.com/twisted/twisted 14 https://github.com/mojolicious/mojo 14 https://github.com/janeczku/calibre-web 14 https://github.com/apache/superset 14 https://github.com/urllib3/urllib3 14 https://github.com/publify/publify 14 https://github.com/pgadmin-org/pgadmin4 14 https://github.com/Graylog2/graylog2-server 14 https://github.com/pimcore/admin-ui-classic-bundle 14 https://github.com/cosmos/cosmos-sdk 14 https://github.com/ming-soft/MCMS 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/openbao/openbao 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/apache/dolphinscheduler 13 https://sourceforge.net/projects/sourceforge.net 13 https://github.com/h2oai/h2o-3 13 https://github.com/dromara/hutool 13 https://github.com/perl5-dbi/dbi 13 https://github.com/zenml-io/zenml 13 https://github.com/modoboa/modoboa 13 https://github.com/OctoPrint/OctoPrint 13 https://github.com/1Panel-dev/1Panel 13 https://github.com/swagger-api/swagger-ui 13