Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,227 advisories

Loading
Apollo ConfigService access key authentication bypass via raw config file appId parsing High
CVE-2026-59955 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching High
CVE-2026-59954 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE) High
CVE-2026-6009 was published for net.sf.jasperreports:jasperreports (Maven) May 19, 2026
pmurck Credited to pmurck and yaso-bash yaso-bash yaso-bash
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization High
CVE-2016-0750 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header High
CVE-2026-44241 was published for io.micronaut:micronaut-context (Maven) May 6, 2026
offset Credited to offset
Apache ActiveMQ has an Incorrect Default Permissions vulnerability High
CVE-2026-49157 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability High
CVE-2026-48827 was published for org.apache.sshd:sshd-git (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-45505 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool High
CVE-2026-44825 was published for org.apache.solr:solr-core (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-42588 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-49485 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) Jul 9, 2026
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS High
GHSA-387m-935m-c4vw was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak High
CVE-2026-49464 was published for nl.nl-portal:taak (Maven) Jul 8, 2026
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN High
CVE-2026-49832 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
Apache Directory LDAP API lacks server certificate verification for LDAP hostnames High
CVE-2026-35563 was published for org.apache.directory.api:api-ldap-client-api (Maven) Jun 1, 2026
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+ High
CVE-2026-34151 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 7, 2026
khoaln98 Credited to khoaln98
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export High
GHSA-cgfv-jrfp-2r7v was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
aramosf Credited to aramosf
dyingman1 Credited to dyingman1
ProTip! Advisories are also available from the GraphQL API