GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,263 advisories
Filter by severity
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate
CVE-2026-46718
was published
for
org.apache.calcite:calcite-core
(Maven)
Jun 2, 2026
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability
Moderate
CVE-2026-49270
was published
for
org.apache.activemq:activemq-all
(Maven)
Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow
Moderate
CVE-2026-46605
was published
for
org.apache.activemq:apache-activemq
(Maven)
Jun 1, 2026
Apache ActiveMQ, Apache ActiveMQ Web have a Cross-site Scripting issue
Moderate
CVE-2026-42253
was published
for
org.apache.activemq:activemq-web
(Maven)
Jun 1, 2026
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
athlon1600/youtube-downloader
(RubyGems)
Apr 29, 2020
Spring Cloud Function Context has Uncontrolled Recursion
Moderate
CVE-2026-40989
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry
Moderate
CVE-2026-40990
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jun 1, 2026
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
Moderate
GHSA-q6gh-6v2r-hjv3
was published
for
io.micronaut:micronaut-http-client
(Maven)
Jul 9, 2026
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Moderate
CVE-2026-49463
was published
for
nl.nl-portal:besluiten
(Maven)
Jul 8, 2026
DSpace: Path Traversal is possible through LDN message generation
Moderate
CVE-2026-49833
was published
for
org.dspace:dspace-api
(Maven)
Jul 8, 2026
DSpace: ORE resource URI does not validate scheme for non-web resources
Moderate
CVE-2026-49830
was published
for
org.dspace:dspace-api
(Maven)
Jul 8, 2026
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
Moderate
CVE-2026-49831
was published
for
org.dspace:dspace-api
(Maven)
Jul 8, 2026
Apache Fesod is vulnerable to Server-Side Request Forgery through its UrlImageConverter component
Moderate
CVE-2026-49328
was published
for
org.apache.fesod:fesod-sheet
(Maven)
Jun 1, 2026
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Moderate
CVE-2026-54700
was published
for
org.connectbot.sshlib:sshlib
(Maven)
Jun 12, 2026
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
Moderate
CVE-2026-54697
was published
for
org.connectbot.sshlib:sshlib
(Maven)
Jun 12, 2026
HTML Injection in ActiveMQ Artemis Web Console
Moderate
CVE-2022-35278
was published
for
org.apache.activemq:artemis-server
(Maven)
Aug 24, 2022
Bouncy Castle LTS native GCM chunking can cause bad-tag exception on decryption
Moderate
CVE-2026-8149
was published
for
org.bouncycastle:bcprov-lts8on
(Maven)
May 8, 2026
ActiveMQ Artemis has Insufficiently Protected Credentials
Moderate
CVE-2020-10727
was published
for
org.apache.activemq:artemis-commons
(Maven)
May 24, 2022
OpenRemote read-only asset users can write predicted datapoints
Moderate
CVE-2026-49439
was published
for
io.openremote:openremote-manager
(Maven)
Jul 6, 2026
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat
(Maven)
Dec 17, 2024
Spring Framework DoS with Multipart Temp Files in WebFlux
Moderate
CVE-2026-22740
was published
for
org.springframework:spring-webflux
(Maven)
Apr 29, 2026
Apache Artemis has an Incorrect Authorization issue
Moderate
CVE-2026-40914
was published
for
org.apache.artemis:artemis-stomp-protocol
(Maven)
May 28, 2026
Keycloak has an Out-of-bounds Read
Moderate
CVE-2026-9803
was published
for
org.keycloak:keycloak-services
(Maven)
May 28, 2026
Keycloak has Insufficient Session Expiration
Moderate
CVE-2026-9802
was published
for
org.keycloak:keycloak-services
(Maven)
May 28, 2026
ProTip!
Advisories are also available from the
GraphQL API