Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,263 advisories

Loading
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes Moderate
CVE-2026-46718 was published for org.apache.calcite:calcite-core (Maven) Jun 2, 2026
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability Moderate
CVE-2026-49270 was published for org.apache.activemq:activemq-all (Maven) Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow Moderate
CVE-2026-46605 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache ActiveMQ, Apache ActiveMQ Web have a Cross-site Scripting issue Moderate
CVE-2026-42253 was published for org.apache.activemq:activemq-web (Maven) Jun 1, 2026
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Credited to masatokinugawa, Churro, Rudloff, sealonohana, and Athlon1600 Churro Churro
Rudloff Rudloff sealonohana sealonohana Athlon1600 Athlon1600
Spring Cloud Function Context has Uncontrolled Recursion Moderate
CVE-2026-40989 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jun 1, 2026
Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry Moderate
CVE-2026-40990 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jun 1, 2026
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers Moderate
GHSA-q6gh-6v2r-hjv3 was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries Moderate
CVE-2026-49463 was published for nl.nl-portal:besluiten (Maven) Jul 8, 2026
DSpace: Path Traversal is possible through LDN message generation Moderate
CVE-2026-49833 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
DSpace: ORE resource URI does not validate scheme for non-web resources Moderate
CVE-2026-49830 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path Moderate
CVE-2026-49831 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
Apache Fesod is vulnerable to Server-Side Request Forgery through its UrlImageConverter component Moderate
CVE-2026-49328 was published for org.apache.fesod:fesod-sheet (Maven) Jun 1, 2026
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation Moderate
CVE-2026-54700 was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
kruton Credited to kruton
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing Moderate
CVE-2026-54697 was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
Pig-Tail Credited to Pig-Tail and kruton kruton kruton
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
Bouncy Castle LTS native GCM chunking can cause bad-tag exception on decryption Moderate
CVE-2026-8149 was published for org.bouncycastle:bcprov-lts8on (Maven) May 8, 2026
discerningdev Credited to discerningdev
ActiveMQ Artemis has Insufficiently Protected Credentials Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
OpenRemote read-only asset users can write predicted datapoints Moderate
CVE-2026-49439 was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
Hussien-Alzaghateet Credited to Hussien-Alzaghateet
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat (Maven) Dec 17, 2024
yusuke-koyoshi Credited to yusuke-koyoshi
Spring Framework DoS with Multipart Temp Files in WebFlux Moderate
CVE-2026-22740 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026
yuki-matsuhashi Credited to yuki-matsuhashi
Apache Artemis has an Incorrect Authorization issue Moderate
CVE-2026-40914 was published for org.apache.artemis:artemis-stomp-protocol (Maven) May 28, 2026
Keycloak has an Out-of-bounds Read Moderate
CVE-2026-9803 was published for org.keycloak:keycloak-services (Maven) May 28, 2026
Keycloak has Insufficient Session Expiration Moderate
CVE-2026-9802 was published for org.keycloak:keycloak-services (Maven) May 28, 2026
ProTip! Advisories are also available from the GraphQL API