GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
6,798 advisories
Filter by severity
Jenkins: Stored XSS vulnerability in node offline cause description
High
CVE-2026-53441
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 10, 2026
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate
CVE-2026-47838
was published
for
org.springframework.security:spring-security-web
(Maven)
Jun 10, 2026
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
High
CVE-2026-41731
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Jun 10, 2026
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Moderate
CVE-2026-41726
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Jun 10, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Moderate
CVE-2026-47244
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 8, 2026
Netty: SCTP reassembly nests buffers without bound
High
CVE-2026-46340
was published
for
io.netty:netty-transport-sctp
(Maven)
Jun 8, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Moderate
CVE-2026-45673
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
Moderate
CVE-2026-45536
was published
for
io.netty:netty-transport-native-epoll
(Maven)
Jun 8, 2026
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
High
CVE-2026-45416
was published
for
io.netty:netty-handler
(Maven)
Jun 8, 2026
Netty's Default QUIC token handler accepts any client-supplied token
High
CVE-2026-44894
was published
for
io.netty:netty-codec-classes-quic
(Maven)
Jun 8, 2026
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
High
CVE-2026-44893
was published
for
io.netty:netty-codec-haproxy
(Maven)
Jun 8, 2026
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
High
CVE-2026-44892
was published
for
io.netty:netty-codec-http3
(Maven)
Jun 8, 2026
Netty has Unbounded Direct Memory Consumption in its RedisDecoder
High
CVE-2026-44890
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 8, 2026
Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
High
CVE-2026-44250
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 8, 2026
Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
High
CVE-2026-44249
was published
for
io.netty:netty-handler
(Maven)
Jun 8, 2026
epa4all-client: Unauthenticated REST API for Patient Record Writes
Moderate
CVE-2026-47672
was published
for
com.oviva.telematik:epa4all-rest-service
(Maven)
Jun 4, 2026
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass
Critical
CVE-2026-47065
was published
for
org.apache.mina:mina-core
(Maven)
Jun 3, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate
CVE-2026-46718
was published
for
org.apache.calcite:calcite-core
(Maven)
Jun 2, 2026
Spring Cloud Function Context has Uncontrolled Recursion
Moderate
CVE-2026-40989
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry
Moderate
CVE-2026-40990
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Logback vulnerable to Object Injection through HardenedObjectInputStream modules
Low
CVE-2026-10532
was published
for
ch.qos.logback:logback-core
(Maven)
Jun 1, 2026
Apache Fesod is vulnerable to Server-Side Request Forgery through its UrlImageConverter component
Moderate
CVE-2026-49328
was published
for
org.apache.fesod:fesod-sheet
(Maven)
Jun 1, 2026
Apache Fluss: Unauthenticated remote attackers can exhaust JVM heap memory using crafted frame headers via TabletServer/CoordinatorServer
High
CVE-2026-49361
was published
for
org.apache.fluss:fluss-common
(Maven)
Jun 1, 2026
ProTip!
Advisories are also available from the
GraphQL API