Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,228 advisories

Loading
Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder High
CVE-2026-44891 was published for io.netty:netty-codec-stomp (Maven) Jul 14, 2026
violetagg Credited to violetagg
Apollo ConfigService access key authentication bypass via raw config file appId parsing High
CVE-2026-59955 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching High
CVE-2026-59954 was published for com.ctrip.framework.apollo:apollo (Maven) Jul 13, 2026
zhou-youyou Credited to zhou-youyou and Jarvis-Huanglz Jarvis-Huanglz Jarvis-Huanglz
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE) High
CVE-2026-6009 was published for net.sf.jasperreports:jasperreports (Maven) May 19, 2026
pmurck Credited to pmurck and yaso-bash yaso-bash yaso-bash
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization High
CVE-2016-0750 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header High
CVE-2026-44241 was published for io.micronaut:micronaut-context (Maven) May 6, 2026
offset Credited to offset
Apache ActiveMQ has an Incorrect Default Permissions vulnerability High
CVE-2026-49157 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache MINA SSHD bundle sshd-git has a path traversal vulnerability High
CVE-2026-48827 was published for org.apache.sshd:sshd-git (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-45505 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache Solr has hardcoded credentials in the Basic Authentication setup tool High
CVE-2026-44825 was published for org.apache.solr:solr-core (Maven) Jun 1, 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue High
CVE-2026-42588 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-49485 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) Jul 9, 2026
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS High
GHSA-387m-935m-c4vw was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak High
CVE-2026-49464 was published for nl.nl-portal:taak (Maven) Jul 8, 2026
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN High
CVE-2026-49832 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
Apache Directory LDAP API lacks server certificate verification for LDAP hostnames High
CVE-2026-35563 was published for org.apache.directory.api:api-ldap-client-api (Maven) Jun 1, 2026
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+ High
CVE-2026-34151 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 7, 2026
khoaln98 Credited to khoaln98
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export High
GHSA-cgfv-jrfp-2r7v was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
aramosf Credited to aramosf
ProTip! Advisories are also available from the GraphQL API