
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,169 advisories

Jenkins: Stored XSS vulnerability in node offline cause description High
CVE-2026-53441 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 10, 2026
Credited to lohitkolluri
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization High
CVE-2026-41731 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
Credited to oscerd
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
Credited to violetagg
Netty: SCTP reassembly nests buffers without bound High
CVE-2026-46340 was published for io.netty:netty-transport-sctp (Maven) Jun 8, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
Credited to violetagg
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes High
CVE-2026-45416 was published for io.netty:netty-handler (Maven) Jun 8, 2026
Netty's Default QUIC token handler accepts any client-supplied token High
CVE-2026-44894 was published for io.netty:netty-codec-classes-quic (Maven) Jun 8, 2026
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length High
CVE-2026-44893 was published for io.netty:netty-codec-haproxy (Maven) Jun 8, 2026
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size High
CVE-2026-44892 was published for io.netty:netty-codec-http3 (Maven) Jun 8, 2026
Credited to violetagg
Netty has Unbounded Direct Memory Consumption in its RedisDecoder High
CVE-2026-44890 was published for io.netty:netty-codec-redis (Maven) Jun 8, 2026
Credited to violetagg
Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays High
CVE-2026-44250 was published for io.netty:netty-codec-redis (Maven) Jun 8, 2026
Credited to violetagg
Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking High
CVE-2026-44249 was published for io.netty:netty-handler (Maven) Jun 8, 2026
Credited to violetagg
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation High
GHSA-j9gf-vw2f-9hrw was published for com.appsmith:server (Maven) Jun 12, 2026
Credited to 0xmrma
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators High
GHSA-9wcp-79g5-5c3c was published for com.appsmith:server (Maven) Jun 12, 2026
Credited to Moonster8282
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page High
CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
Credited to YacineF, sikeoka, partywavesec, and jodygarnett
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection High
CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven) Jun 11, 2026
Credited to H4cking2theGate, jodygarnett, and aaime
Spring Cloud Config has an Authorization Bypass Through User-Controlled Key High
CVE-2026-40981 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 7, 2026
Credited to scottfrederick
Infinite Loop in Apache Tomcat High
CVE-2020-13935 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Feb 8, 2022
Credited to sunSUNQ and aruneko
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2020-11996 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 9, 2022
Credited to sunSUNQ and aruneko
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder) High
CVE-2026-42579 was published for io.netty:netty-codec-dns (Maven) May 7, 2026
Credited to August829
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28367 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28368 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28369 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026