Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,798 advisories

Loading
Apollo ConfigService access key authentication bypass via raw config file appId parsing High
CVE-2026-59955 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching High
CVE-2026-59954 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass Critical
CVE-2026-47065 was published for org.apache.mina:mina-core (Maven) Jun 3, 2026
Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center Moderate
CVE-2025-32781 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
lesignals Credited to lesignals
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE) High
CVE-2026-6009 was published for net.sf.jasperreports:jasperreports (Maven) May 19, 2026
pmurck Credited to pmurck and yaso-bash yaso-bash yaso-bash
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login Low
CVE-2026-48589 was published for org.apache.shiro:shiro-jakarta-ee (Maven) May 26, 2026
yeikel Credited to yeikel
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization High
CVE-2016-0750 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header High
CVE-2026-44241 was published for io.micronaut:micronaut-context (Maven) May 6, 2026
offset Credited to offset
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes Moderate
CVE-2026-46718 was published for org.apache.calcite:calcite-core (Maven) Jun 2, 2026
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability Moderate
CVE-2026-49270 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache ActiveMQ has an Incorrect Default Permissions vulnerability High
CVE-2026-49157 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability High
CVE-2026-48827 was published for org.apache.sshd:sshd-git (Maven) Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow Moderate
CVE-2026-46605 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-45505 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool High
CVE-2026-44825 was published for org.apache.solr:solr-core (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-42588 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache ActiveMQ, Apache ActiveMQ Web have a Cross-site Scripting issue Moderate
CVE-2026-42253 was published for org.apache.activemq:activemq-web (Maven) Jun 1, 2026
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Credited to masatokinugawa, Churro, Rudloff, sealonohana, and Athlon1600 Churro Churro
Rudloff Rudloff sealonohana sealonohana Athlon1600 Athlon1600
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-49485 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) Jul 9, 2026
Spring Cloud Function Context has Uncontrolled Recursion Moderate
CVE-2026-40989 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jun 1, 2026
ProTip! Advisories are also available from the GraphQL API