Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

908 advisories

Loading
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass Critical
CVE-2026-47065 was published for org.apache.mina:mina-core (Maven) Jun 3, 2026
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur Credited to pdeslaur and theinfosecguy theinfosecguy theinfosecguy
Deserialization of Untrusted Data in Jython Critical
CVE-2016-4000 was published for org.python:jython (Maven) May 13, 2022
theinfosecguy Credited to theinfosecguy
LaunchServer FileServerHandler has an unauthenticated path traversal issue Critical
CVE-2026-54617 was published for pro.gravit.launcher:launchserver-api (Maven) Jul 2, 2026
getclaude Credited to getclaude
OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete) Critical
CVE-2026-57168 was published for io.openremote:openremote-manager (Maven) Jun 19, 2026
Forklit Credited to Forklit and vladkoniakhinmob vladkoniakhinmob vladkoniakhinmob
Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks Critical
CVE-2025-14813 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Apr 17, 2026
simon-reisinger-dynatrace Credited to simon-reisinger-dynatrace
Opendaylight will authenticate any username and password combination Critical
CVE-2015-1778 was published for org.opendaylight.odlparent:opendaylight-karaf-resources (Maven) May 17, 2022
simon-reisinger-dynatrace Credited to simon-reisinger-dynatrace
Apache CXF has an LDAP injection vulnerability Critical
CVE-2026-44930 was published for org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (Maven) May 26, 2026
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints Critical
CVE-2026-45052 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jun 24, 2026
wodzen Credited to wodzen
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage Critical
CVE-2026-45051 was published for org.openidentityplatform.openam:openam-auth-webauthn (Maven) Jun 24, 2026
wodzen Credited to wodzen
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI Critical
CVE-2026-46495 was published for org.openidentityplatform.opendj:opendj-server-legacy (Maven) Jun 22, 2026
wodzen Credited to wodzen
OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl) Critical
CVE-2026-44203 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jun 22, 2026
gujjuboy10x00 Credited to gujjuboy10x00 and wodzen wodzen wodzen
xwiki-pro-macros has remote code execution from page title and content via excerpt-include macro Critical
CVE-2026-44179 was published for com.xwiki.pro:xwiki-pro-macros (Maven) Jun 22, 2026
michitux Credited to michitux
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks Critical
CVE-2026-32967 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure Critical
CVE-2026-32966 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory Critical
CVE-2026-55471 was published for ca.uhn.hapi.fhir:org.hl7.fhir.utilities (Maven) Jun 17, 2026
Spring Cloud Config vulnerable to Path Traversal Critical
CVE-2026-40982 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 7, 2026
scottfrederick Credited to scottfrederick
dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution Critical
CVE-2026-33728 was published for com.datadoghq:dd-java-agent (Maven) Mar 26, 2026
amine123ait Credited to amine123ait
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart Credited to JAckLosingHeart
Deserialization of Untrusted Data in Log4j Critical
CVE-2019-17571 was published for log4j:log4j (Maven) Jan 6, 2020
scothale Credited to scothale and SebGondron SebGondron SebGondron
Mapfish Print: Remote Code Injection (RCE) in Dynamic table Critical
CVE-2026-44672 was published for org.mapfish.print:print-lib (Maven) May 13, 2026
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy Critical
CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven) May 13, 2026
Apache Tomcat affected by vulnerability in TLS and SSL protocol Critical
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 Credited to MarkLee131 and sunSUNQ sunSUNQ sunSUNQ
SQL Injection in Log4j 1.2.x Critical
CVE-2022-23305 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron Credited to SebGondron
Apache IoTDB: Deserialization of untrusted Data Critical
CVE-2025-48459 was published for apache-iotdb (Maven) Sep 24, 2025
cai0duque Credited to cai0duque
ProTip! Advisories are also available from the GraphQL API