GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
6,794 advisories
Filter by severity
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE)
High
CVE-2026-6009
was published
for
net.sf.jasperreports:jasperreports
(Maven)
May 19, 2026
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login
Low
CVE-2026-48589
was published
for
org.apache.shiro:shiro-jakarta-ee
(Maven)
May 26, 2026
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization
High
CVE-2016-0750
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
High
CVE-2026-48059
was published
for
io.netty:netty-codec-haproxy
(Maven)
Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High
CVE-2026-48006
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
High
CVE-2026-44241
was published
for
io.micronaut:micronaut-context
(Maven)
May 6, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate
CVE-2026-46718
was published
for
org.apache.calcite:calcite-core
(Maven)
Jun 2, 2026
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability
Moderate
CVE-2026-49270
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
Apache ActiveMQ has an Incorrect Default Permissions vulnerability
High
CVE-2026-49157
was published
for
org.apache.activemq:apache-activemq
(Maven)
Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability
High
CVE-2026-48827
was published
for
org.apache.sshd:sshd-git
(Maven)
Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow
Moderate
CVE-2026-46605
was published
for
org.apache.activemq:apache-activemq
(Maven)
Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue
High
CVE-2026-45505
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool
High
CVE-2026-44825
was published
for
org.apache.solr:solr-core
(Maven)
Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue
High
CVE-2026-42588
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
Apache ActiveMQ, Apache ActiveMQ Web have a Cross-site Scripting issue
Moderate
CVE-2026-42253
was published
for
org.apache.activemq:activemq-web
(Maven)
Jun 1, 2026
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
athlon1600/youtube-downloader
(RubyGems)
Apr 29, 2020
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
High
CVE-2026-49485
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
(Maven)
Jul 9, 2026
Spring Cloud Function Context has Uncontrolled Recursion
Moderate
CVE-2026-40989
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry
Moderate
CVE-2026-40990
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
Moderate
GHSA-q6gh-6v2r-hjv3
was published
for
io.micronaut:micronaut-http-client
(Maven)
Jul 9, 2026
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
High
GHSA-387m-935m-c4vw
was published
for
io.micronaut:micronaut-http-client
(Maven)
Jul 9, 2026
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
High
CVE-2026-49464
was published
for
nl.nl-portal:taak
(Maven)
Jul 8, 2026
ProTip!
Advisories are also available from the
GraphQL API