GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,632 advisories

Netty has Insufficient Bailiwick Validation for NS Records
Severity: High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026
Credited to violetagg

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Severity: Moderate
CVE-2026-47244 was published for io.netty:netty-codec-http2 (Maven) on Jun 8, 2026
Credited to chrisvest

Netty: SCTP reassembly nests buffers without bound
Severity: High
CVE-2026-46340 was published for io.netty:netty-transport-sctp (Maven) on Jun 8, 2026

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Severity: High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026
Credited to violetagg

Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Severity: Moderate
CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026
Credited to violetagg

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
Severity: Moderate
CVE-2026-45536 was published for io.netty:netty-transport-native-epoll (Maven) on Jun 8, 2026

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
Severity: High
CVE-2026-45416 was published for io.netty:netty-handler (Maven) on Jun 8, 2026

Netty's Default QUIC token handler accepts any client-supplied token
Severity: High
CVE-2026-44894 was published for io.netty:netty-codec-classes-quic (Maven) on Jun 8, 2026

Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
Severity: High
CVE-2026-44893 was published for io.netty:netty-codec-haproxy (Maven) on Jun 8, 2026

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
Severity: High
CVE-2026-44892 was published for io.netty:netty-codec-http3 (Maven) on Jun 8, 2026
Credited to violetagg

Netty has Unbounded Direct Memory Consumption in its RedisDecoder
Severity: High
CVE-2026-44890 was published for io.netty:netty-codec-redis (Maven) on Jun 8, 2026
Credited to violetagg

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
Severity: High
CVE-2026-44250 was published for io.netty:netty-codec-redis (Maven) on Jun 8, 2026
Credited to violetagg

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
Severity: High
CVE-2026-44249 was published for io.netty:netty-handler (Maven) on Jun 8, 2026
Credited to violetagg

epa4all-client: Unauthenticated REST API for Patient Record Writes
Severity: Moderate
CVE-2026-47672 was published for com.oviva.telematik:epa4all-rest-service (Maven) on Jun 4, 2026
Credited to snomi and Volcore

CC-Tweaked has an SSRF Protection Bypass with NAT64
Severity: High
CVE-2026-47695 was published for cc.tweaked:cc-tweaked-1.19.3-core (Maven) on May 29, 2026
Credited to JLLeitschuh

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Severity: Critical
CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026
Credited to superpegaso2703

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Severity: Critical
CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026
Credited to 2BCEB1

Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Severity: Critical
CVE-2026-44632 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026
Credited to superpegaso2703

Yamcs has No Rate Limiting on Authentication Endpoint
Severity: Moderate
CVE-2026-44596 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026
Credited to ex-cal1bur

Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
Severity: Moderate
CVE-2026-44595 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026
Credited to ex-cal1bur

Yamcs Vulnerable to LDAP Injection in LdapAuthModule
Severity: Moderate
CVE-2026-42568 was published for org.yamcs:yamcs-core (Maven) on May 26, 2026
Credited to ex-cal1bur

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
Severity: Moderate
CVE-2026-41207 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) on May 26, 2026

XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
Severity: High
CVE-2026-48048 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) on May 26, 2026

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
Severity: Moderate
CVE-2026-48047 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) on May 26, 2026

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Severity: Critical
CVE-2026-33137 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) on May 26, 2026
Credited to odgrso