GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
895 advisories
OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)
Critical
CVE-2026-40076
was published
for
org.openmrs.web:openmrs-web
(Maven)
May 4, 2026
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
Critical
CVE-2026-41586
was published
for
org.hyperledger.fabric-sdk-java:fabric-sdk-java
(Maven)
Apr 29, 2026
Apache Camel has an incomplete fix for CVE-2025-27636
Critical
CVE-2026-40453
was published
for
org.apache.camel:camel-coap
(Maven)
Apr 27, 2026
Spinnaker: RCE via expression parsing due to unrestricted context handling
Critical
CVE-2026-32613
was published
for
io.spinnaker.echo:echo-pipelinetriggers
(Maven)
Apr 21, 2026
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Critical
CVE-2026-32604
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo
(Maven)
Apr 21, 2026
Expression Injection in OpenRemote
Critical
CVE-2026-39842
was published
for
io.openremote:openremote-manager
(Maven)
Apr 14, 2026
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
Critical
CVE-2026-29145
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 9, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs
Critical
CVE-2026-35580
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API