
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,195 advisories

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature Moderate
CVE-2026-50560 was published for io.netty:netty-codec-http2 (Maven) Jun 15, 2026
Credited to ashleytolbert
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted Moderate
CVE-2026-50020 was published for io.netty:netty-codec-http (Maven) Jun 15, 2026
Credited to chrisvest
Netty: QUIC stateless reset token material exposed through header-visible connection IDs Moderate
CVE-2026-50009 was published for io.netty:netty-codec-classes-quic (Maven) Jun 15, 2026
Credited to violetagg
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing Moderate
GHSA-vc8p-8pxg-rfwg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
Credited to Pig-Tail and kruton
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation Moderate
GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
Credited to kruton
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution Moderate
CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
Credited to lemauanhphong and jodygarnett
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access Moderate
CVE-2026-48040 was published for io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (Maven) Jun 11, 2026
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header Moderate
CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
Credited to julianladisch
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced Moderate
CVE-2026-47244 was published for io.netty:netty-codec-http2 (Maven) Jun 8, 2026
Credited to chrisvest
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port Moderate
CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
Credited to violetagg
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once Moderate
CVE-2026-45536 was published for io.netty:netty-transport-native-epoll (Maven) Jun 8, 2026
epa4all-client: Unauthenticated REST API for Patient Record Writes Moderate
CVE-2026-47672 was published for com.oviva.telematik:epa4all-rest-service (Maven) Jun 4, 2026
Credited to snomi and Volcore
Yamcs has No Rate Limiting on Authentication Endpoint Moderate
CVE-2026-44596 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
Credited to ex-cal1bur
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints Moderate
CVE-2026-44595 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
Credited to ex-cal1bur
Yamcs Vulnerable to LDAP Injection in LdapAuthModule Moderate
CVE-2026-42568 was published for org.yamcs:yamcs-core (Maven) May 26, 2026
Credited to ex-cal1bur
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures Moderate
CVE-2026-41207 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) May 26, 2026
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin Moderate
CVE-2026-48047 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) May 26, 2026
Keycloak: Insufficient verification proof scoping enables identity provider account linking attack and account compromise Moderate
CVE-2026-9087 was published for org.keycloak:keycloak-services (Maven) May 20, 2026
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode Moderate
CVE-2026-45581 was published for org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (Maven) May 19, 2026
Credited to lalalala5678 and bestbeforetoday
Keycloak: Unauthorized account takeover via WebAuthn token replay Moderate
CVE-2026-37982 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass Moderate
CVE-2026-37979 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
Keycloak: Information Disclosure via evaluate-scopes Admin API Moderate
CVE-2026-37978 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured Moderate
CVE-2026-8922 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation Moderate
CVE-2026-8830 was published for org.keycloak:keycloak-services (Maven) May 19, 2026