GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
908 advisories
Filter by severity
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass
Critical
CVE-2026-47065
was published
for
org.apache.mina:mina-core
(Maven)
Jun 3, 2026
Apache Derby: LDAP injection vulnerability in authenticator
Critical
CVE-2022-46337
was published
for
org.apache.derby:derby
(Maven)
Nov 20, 2023
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
LaunchServer FileServerHandler has an unauthenticated path traversal issue
Critical
CVE-2026-54617
was published
for
pro.gravit.launcher:launchserver-api
(Maven)
Jul 2, 2026
OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Critical
CVE-2026-57168
was published
for
io.openremote:openremote-manager
(Maven)
Jun 19, 2026
Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks
Critical
CVE-2025-14813
was published
for
org.bouncycastle:bcprov-debug-jdk14
(Maven)
Apr 17, 2026
Opendaylight will authenticate any username and password combination
Critical
CVE-2015-1778
was published
for
org.opendaylight.odlparent:opendaylight-karaf-resources
(Maven)
May 17, 2022
Apache CXF has an LDAP injection vulnerability
Critical
CVE-2026-44930
was published
for
org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap
(Maven)
May 26, 2026
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
Critical
CVE-2026-45052
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jun 24, 2026
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
Critical
CVE-2026-45051
was published
for
org.openidentityplatform.openam:openam-auth-webauthn
(Maven)
Jun 24, 2026
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
Critical
CVE-2026-46495
was published
for
org.openidentityplatform.opendj:opendj-server-legacy
(Maven)
Jun 22, 2026
OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
Critical
CVE-2026-44203
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jun 22, 2026
xwiki-pro-macros has remote code execution from page title and content via excerpt-include macro
Critical
CVE-2026-44179
was published
for
com.xwiki.pro:xwiki-pro-macros
(Maven)
Jun 22, 2026
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Critical
CVE-2026-32967
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
Critical
CVE-2026-32966
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
Critical
CVE-2026-55471
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.utilities
(Maven)
Jun 17, 2026
Spring Cloud Config vulnerable to Path Traversal
Critical
CVE-2026-40982
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 7, 2026
dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
Critical
CVE-2026-33728
was published
for
com.datadoghq:dd-java-agent
(Maven)
Mar 26, 2026
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
Deserialization of Untrusted Data in Log4j
Critical
CVE-2019-17571
was published
for
log4j:log4j
(Maven)
Jan 6, 2020
Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Critical
CVE-2026-44672
was published
for
org.mapfish.print:print-lib
(Maven)
May 13, 2026
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical
CVE-2026-45083
was published
for
io.goobi.viewer:viewer-core
(Maven)
May 13, 2026
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Critical
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
SQL Injection in Log4j 1.2.x
Critical
CVE-2022-23305
was published
for
log4j:log4j
(Maven)
Jan 21, 2022
Apache IoTDB: Deserialization of untrusted Data
Critical
CVE-2025-48459
was published
for
apache-iotdb
(Maven)
Sep 24, 2025
ProTip!
Advisories are also available from the
GraphQL API