GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
895 advisories
Spring Cloud Config vulnerable to Path Traversal
Critical | CVE-2026-40982 was published for org.springframework.cloud:spring-cloud-config-server (Maven) | May 7, 2026

dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
Critical | CVE-2026-33728 was published for com.datadoghq:dd-java-agent (Maven) | Mar 26, 2026

http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical | CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) | Dec 12, 2024

Deserialization of Untrusted Data in Log4j
Critical | CVE-2019-17571 was published for log4j:log4j (Maven) | Jan 6, 2020

Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Critical | CVE-2026-44672 was published for org.mapfish.print:print-lib (Maven) | May 13, 2026

Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical | CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven) | May 13, 2026

Apache Tomcat affected by vulnerability in TLS and SSL protocol
Critical | CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) | May 2, 2022

SQL Injection in Log4j 1.2.x
Critical | CVE-2022-23305 was published for log4j:log4j (Maven) | Jan 21, 2022

Apache IoTDB: Deserialization of untrusted Data
Critical | CVE-2025-48459 was published for apache-iotdb (Maven) | Sep 24, 2025

GlassFish's gadget handler is vulnerable to RCE
Critical | CVE-2026-2587 was published for org.glassfish.jsftemplating:jsftemplating (Maven) | May 19, 2026

GlassFish's Administration Console is Vulnerable to RCE
Critical | CVE-2026-2586 was published for org.glassfish.jsftemplating:jsftemplating (Maven) | May 19, 2026

Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Critical | CVE-2026-47323 was published for org.apache.camel:camel-cxf-rest (Maven) | May 19, 2026

Security feature bypass vulnerability in Azure Key Vault Keys library for Java
Critical | CVE-2026-33117 was published for com.azure:azure-security-keyvault-keys (Maven) | May 12, 2026

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Critical | CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) | May 27, 2026

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical | CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) | May 27, 2026

Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Critical | CVE-2026-44632 was published for org.yamcs:yamcs-core (Maven) | May 27, 2026

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Critical | CVE-2026-33137 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) | May 26, 2026

XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
Critical | CVE-2026-23734 was published for org.xwiki.commons:xwiki-commons-classloader-api (Maven) | May 26, 2026

Apache Camel has an incomplete fix for CVE-2025-27636
Critical | CVE-2026-40453 was published for org.apache.camel:camel-coap (Maven) | Apr 27, 2026

fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
Critical | CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven) | Apr 29, 2026

Apache Tomcat: CLIENT_CERT authentication does not fail as expected
Critical | CVE-2026-29145 was published for org.apache.tomcat:tomcat (Maven) | Apr 9, 2026

Apache Tomcat - Security constraints not correctly applied
Critical | CVE-2026-43515 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 12, 2026

Apache Tomcat - Digest authenticator will authenticate any unknown user
Critical | CVE-2026-43512 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 12, 2026

Apache Tomcat - HTTP/2 request headers not validated
Critical | CVE-2026-41293 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 12, 2026

OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Critical | CVE-2026-41258 was published for org.openmrs.api:openmrs-api (Maven) | May 4, 2026

ProTip! Advisories are also available from the GraphQL API.