GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,177 advisories
Yamcs has No Rate Limiting on Authentication Endpoint
Moderate • CVE-2026-44596 was published for org.yamcs:yamcs-core (Maven) • May 27, 2026

Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
Moderate • CVE-2026-44595 was published for org.yamcs:yamcs-core (Maven) • May 27, 2026

Yamcs Vulnerable to LDAP Injection in LdapAuthModule
Moderate • CVE-2026-42568 was published for org.yamcs:yamcs-core (Maven) • May 26, 2026

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
Moderate • CVE-2026-41207 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) • May 26, 2026

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
Moderate • CVE-2026-48047 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) • May 26, 2026

Beetl's SpELFunction extension function has an expression injection risk
Moderate • CVE-2026-8759 was published for com.ibeetl:beetl-spring-classic (Maven) • May 17, 2026

Apache Commons Configuration: StackOverflowError for YAML input with cycles
Moderate • CVE-2026-45205 was published for org.apache.commons:commons-configuration2 (Maven) • May 14, 2026

Apache Tomcat: CLIENT_CERT authentication does not fail as expected
Moderate • CVE-2026-34500 was published for org.apache.tomcat:tomcat-coyote-ffm (Maven) • Apr 9, 2026

Bouncy Castle has a vulnerability in program files gcm128w, gcm512w
Moderate • CVE-2026-8149 was published for org.bouncycastle:bc-fips (Maven) • May 8, 2026

fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
Moderate • CVE-2026-45581 was published for org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (Maven) • May 19, 2026

Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Moderate • CVE-2026-44308 was published for io.awspring.cloud:spring-cloud-aws-sns (Maven) • May 7, 2026

Netty MQTT: Resource exhaustion in MqttDecoder
Moderate • CVE-2026-44248 was published for io.netty:netty-codec-mqtt (Maven) • May 7, 2026

Netty Redis Codec Encoder has a CRLF Injection Issue
Moderate • CVE-2026-42586 was published for io.netty:netty-codec-redis (Maven) • May 7, 2026

Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
Moderate • CVE-2026-42585 was published for io.netty:netty-codec-http (Maven) • May 7, 2026

Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
Moderate • CVE-2026-42581 was published for io.netty:netty-codec-http (Maven) • May 7, 2026

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
Moderate • CVE-2026-42580 was published for io.netty:netty-codec-http (Maven) • May 7, 2026

OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Moderate • CVE-2026-45292 was published for io.opentelemetry:opentelemetry-api (Maven) • May 14, 2026

Alkacon OpenCms is vulnerable to XSS via cmis-online/type
Moderate • CVE-2023-42343 was published for org.opencms:opencms-core (Maven) • May 8, 2026

Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
Moderate • CVE-2023-42345 was published for org.opencms:opencms-core (Maven) • May 8, 2026

Withdrawn Advisory: Apache Struts XSS
Moderate • CVE-2012-1007 was published for org.apache.struts:struts-core (Maven) • May 14, 2022 • withdrawn

Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation
Moderate • CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) • Aug 13, 2025

HTTP/2 Stream Cancellation Attack
Moderate • CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) • Oct 10, 2023

Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
Moderate • CVE-2026-6860 was published for io.vertx:vertx-core (Maven) • May 9, 2026

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations
Moderate • CVE-2026-42333 was published for io.quarkiverse.openapi.generator:quarkus-openapi-generator (Maven) • May 4, 2026

Spring Cloud Config Server Logged Sensitive Information
Moderate • CVE-2026-41004 was published for org.springframework.cloud:spring-cloud-config-server (Maven) • May 7, 2026
ProTip! Advisories are also available from the GraphQL API.