Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,794 advisories

Loading
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE) High
CVE-2026-6009 was published for net.sf.jasperreports:jasperreports (Maven) May 19, 2026
pmurck Credited to pmurck and yaso-bash yaso-bash yaso-bash
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login Low
CVE-2026-48589 was published for org.apache.shiro:shiro-jakarta-ee (Maven) May 26, 2026
yeikel Credited to yeikel
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization High
CVE-2016-0750 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header High
CVE-2026-44241 was published for io.micronaut:micronaut-context (Maven) May 6, 2026
offset Credited to offset
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes Moderate
CVE-2026-46718 was published for org.apache.calcite:calcite-core (Maven) Jun 2, 2026
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability Moderate
CVE-2026-49270 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache ActiveMQ has an Incorrect Default Permissions vulnerability High
CVE-2026-49157 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability High
CVE-2026-48827 was published for org.apache.sshd:sshd-git (Maven) Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow Moderate
CVE-2026-46605 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-45505 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool High
CVE-2026-44825 was published for org.apache.solr:solr-core (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-42588 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache ActiveMQ, Apache ActiveMQ Web have a Cross-site Scripting issue Moderate
CVE-2026-42253 was published for org.apache.activemq:activemq-web (Maven) Jun 1, 2026
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Credited to masatokinugawa, Churro, Rudloff, sealonohana, and Athlon1600 Churro Churro
Rudloff Rudloff sealonohana sealonohana Athlon1600 Athlon1600
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-49485 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) Jul 9, 2026
Spring Cloud Function Context has Uncontrolled Recursion Moderate
CVE-2026-40989 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jun 1, 2026
Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry Moderate
CVE-2026-40990 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jun 1, 2026
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers Moderate
GHSA-q6gh-6v2r-hjv3 was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS High
GHSA-387m-935m-c4vw was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak High
CVE-2026-49464 was published for nl.nl-portal:taak (Maven) Jul 8, 2026
ProTip! Advisories are also available from the GraphQL API