GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
23 advisories
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Moderate
CVE-2026-44308
was published
for
io.awspring.cloud:spring-cloud-aws-sns
(Maven)
May 7, 2026
Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
GHSA-4v5x-9m47-cqr2
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
•
withdrawn
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Graylog vulnerable to insecure source port usage for DNS queries
Low
CVE-2023-41045
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
ProTip!
Advisories are also available from the
GraphQL API