GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,132 advisories

Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client High
CVE-2026-45575 was published for com.oviva.telematik:epa4all-client (Maven) May 15, 2026
Credited to snomi and Volcore
epa4all-client: TLS Certificate Validation Disabled in Production High
CVE-2026-45574 was published for com.oviva.telematik:epa4all-client (Maven) May 15, 2026
Credited to snomi and Volcore
Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer High
CVE-2026-44516 was published for com.ritense.valtimo:web (Maven) May 11, 2026
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs High
CVE-2026-41705 was published for org.springframework.ai:spring-ai-milvus-store (Maven) May 9, 2026
epa4all-client has a VAU Signature bypass High
CVE-2026-44900 was published for com.oviva.telematik:epa4all-client (Maven) May 8, 2026
Credited to snomi and Volcore
bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass High
CVE-2026-44714 was published for org.bitcoinj:bitcoinj-core (Maven) May 8, 2026
Credited to jmecom, msgilligan, and schildbach
Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission High
CVE-2026-39816 was published for org.apache.nifi:nifi-other-graph-services-nar (Maven) May 8, 2026
Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host High
CVE-2023-42346 was published for org.opencms:opencms-core (Maven) May 8, 2026
Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information High
CVE-2023-42344 was published for org.opencms:opencms-core (Maven) May 8, 2026
Spring Cloud Config has an Authorization Bypass Through User-Controlled Key High
CVE-2026-40981 was published for org.springframework.cloud:spring-cloud-config (Maven) May 7, 2026
Spring Cloud Config Server Susceptible To TOCTOU Attack High
CVE-2026-41002 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 7, 2026
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect High
CVE-2026-44503 was published for Microsoft.Kiota.Abstractions (Go) May 7, 2026
Credited to MIchaelMainer
Credited to offset
Netty has HttpClientCodec response desynchronization High
CVE-2026-42584 was published for io.netty:netty-codec-http (Maven) May 7, 2026
Credited to violetagg
Netty Lz4FrameDecoder is vulnerable to resource exhaustion High
CVE-2026-42583 was published for io.netty:netty-codec (Maven) May 7, 2026
Credited to violetagg
Netty HTTP/3 QPACK literal unbounded allocation High
CVE-2026-42582 was published for io.netty:netty-codec-http3 (Maven) May 7, 2026
Credited to violetagg
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder) High
CVE-2026-42579 was published for io.netty:netty-codec-dns (Maven) May 7, 2026
Netty epoll transport denial of service via RST on half-closed TCP connection High
CVE-2026-42577 was published for io.netty:netty-transport-native-epoll (Maven) May 6, 2026
Credited to Stormpx, dzaisban, normanmaurer, SeBBBe, pjfanning, jneira-stratio, mpenttila, and chrisvest
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header High
CVE-2026-44241 was published for io.micronaut:micronaut-context (Maven) May 6, 2026
Credited to offset
Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability High
CVE-2026-43646 was published for org.apache.wicket:wicket-parent (Maven) May 6, 2026
jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine High
GHSA-mggx-p7jf-jgw4 was published for org.jdbi:jdbi3-freemarker (Maven) May 5, 2026
Credited to wodzen
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS High
CVE-2026-42198 was published for org.postgresql:postgresql (Maven) May 5, 2026
Credited to sehrope
Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery High
CVE-2026-7412 was published for org.eclipse.basyx:basyx.sdk (Maven) May 5, 2026
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability High
CVE-2026-43869 was published for org.apache.thrift:libthrift (Maven) May 5, 2026
Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation High
CVE-2026-42440 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026