GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,227 advisories
Filter by severity
Apollo ConfigService access key authentication bypass via raw config file appId parsing
High
CVE-2026-59955
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Jul 13, 2026
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
High
CVE-2026-59954
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Jul 13, 2026
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE)
High
CVE-2026-6009
was published
for
net.sf.jasperreports:jasperreports
(Maven)
May 19, 2026
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization
High
CVE-2016-0750
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High
CVE-2026-48006
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 11, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
High
CVE-2026-48059
was published
for
io.netty:netty-codec-haproxy
(Maven)
Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
High
CVE-2026-44241
was published
for
io.micronaut:micronaut-context
(Maven)
May 6, 2026
Apache ActiveMQ has an Incorrect Default Permissions vulnerability
High
CVE-2026-49157
was published
for
org.apache.activemq:apache-activemq
(Maven)
Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability
High
CVE-2026-48827
was published
for
org.apache.sshd:sshd-git
(Maven)
Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue
High
CVE-2026-45505
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool
High
CVE-2026-44825
was published
for
org.apache.solr:solr-core
(Maven)
Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue
High
CVE-2026-42588
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
High
CVE-2026-49485
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
(Maven)
Jul 9, 2026
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
High
GHSA-387m-935m-c4vw
was published
for
io.micronaut:micronaut-http-client
(Maven)
Jul 9, 2026
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
High
CVE-2026-49464
was published
for
nl.nl-portal:taak
(Maven)
Jul 8, 2026
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
High
CVE-2026-49832
was published
for
org.dspace:dspace-api
(Maven)
Jul 8, 2026
Apache Fluss: Unauthenticated remote attackers can exhaust JVM heap memory using crafted frame headers via TabletServer/CoordinatorServer
High
CVE-2026-49361
was published
for
org.apache.fluss:fluss-common
(Maven)
Jun 1, 2026
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
High
CVE-2022-23913
was published
for
org.apache.activemq:artemis-core-client
(Maven)
Feb 6, 2022
Apache Directory LDAP API lacks server certificate verification for LDAP hostnames
High
CVE-2026-35563
was published
for
org.apache.directory.api:api-ldap-client-api
(Maven)
Jun 1, 2026
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+
High
CVE-2026-34151
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 7, 2026
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
High
GHSA-cgfv-jrfp-2r7v
was published
for
io.openremote:openremote-manager
(Maven)
Jul 6, 2026
OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory
High
CVE-2026-54640
was published
for
io.openremote:openremote-agent
(Maven)
Jul 6, 2026
ProTip!
Advisories are also available from the
GraphQL API