GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
6,648 advisories
Jenkins: Stored XSS vulnerability in node offline cause description
Severity: High. CVE-2026-53441 was published for org.jenkins-ci.main:jenkins-core (Maven) on Jun 10, 2026.

In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
Severity: High. CVE-2026-41731 was published for org.springframework.kafka:spring-kafka (Maven) on Jun 10, 2026.

In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Severity: Moderate. CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) on Jun 10, 2026.

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
Severity: Moderate. GHSA-vc8p-8pxg-rfwg was published for org.connectbot.sshlib:sshlib (Maven) on Jun 12, 2026.

ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Severity: Moderate. GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven) on Jun 12, 2026.

Apache Tomcat Improper Input Validation vulnerability
Severity: Moderate. CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Oct 10, 2023.

Apache Tomcat Incomplete Cleanup vulnerability
Severity: Moderate. CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Oct 10, 2023.

Apache Tomcat - Client certificate verification bypass
Severity: Moderate. CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Feb 17, 2026.

Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
Severity: High. CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) on Jun 11, 2026.

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Severity: Moderate. CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) on Jun 11, 2026.

Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
Severity: High. CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) on Jun 11, 2026.

Netty has Insufficient Bailiwick Validation for NS Records
Severity: High. CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026.

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Severity: Moderate. CVE-2026-47244 was published for io.netty:netty-codec-http2 (Maven) on Jun 8, 2026.

Netty: SCTP reassembly nests buffers without bound
Severity: High. CVE-2026-46340 was published for io.netty:netty-transport-sctp (Maven) on Jun 8, 2026.

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Severity: High. CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026.

Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Severity: Moderate. CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) on Jun 8, 2026.

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
Severity: Moderate. CVE-2026-45536 was published for io.netty:netty-transport-native-epoll (Maven) on Jun 8, 2026.

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
Severity: High. CVE-2026-45416 was published for io.netty:netty-handler (Maven) on Jun 8, 2026.

Netty's Default QUIC token handler accepts any client-supplied token
Severity: High. CVE-2026-44894 was published for io.netty:netty-codec-classes-quic (Maven) on Jun 8, 2026.

Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
Severity: High. CVE-2026-44893 was published for io.netty:netty-codec-haproxy (Maven) on Jun 8, 2026.

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
Severity: High. CVE-2026-44892 was published for io.netty:netty-codec-http3 (Maven) on Jun 8, 2026.

Netty has Unbounded Direct Memory Consumption in its RedisDecoder
Severity: High. CVE-2026-44890 was published for io.netty:netty-codec-redis (Maven) on Jun 8, 2026.

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
Severity: High. CVE-2026-44250 was published for io.netty:netty-codec-redis (Maven) on Jun 8, 2026.

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
Severity: High. CVE-2026-44249 was published for io.netty:netty-handler (Maven) on Jun 8, 2026.

Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
Severity: High. GHSA-j9gf-vw2f-9hrw was published for com.appsmith:server (Maven) on Jun 12, 2026.

ProTip! Advisories are also available from the GraphQL API.