Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,791 advisories

Loading
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects Moderate
CVE-2026-41280 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure Critical
CVE-2026-32966 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks Critical
CVE-2026-32967 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Jun 17, 2026
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature Moderate
CVE-2026-50560 was published for io.netty:netty-codec-http2 (Maven) Jun 15, 2026
ashleytolbert Credited to ashleytolbert
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted Moderate
CVE-2026-50020 was published for io.netty:netty-codec-http (Maven) Jun 15, 2026
chrisvest Credited to chrisvest
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length High
CVE-2026-50011 was published for io.netty:netty-codec-redis (Maven) Jun 15, 2026
violetagg Credited to violetagg
Netty: Wrapping plain trust manager silently disables hostname verification High
CVE-2026-50010 was published for io.netty:netty-handler (Maven) Jun 15, 2026
Netty: QUIC stateless reset token material exposed through header-visible connection IDs Moderate
CVE-2026-50009 was published for io.netty:netty-codec-classes-quic (Maven) Jun 15, 2026
violetagg Credited to violetagg
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion High
CVE-2026-48748 was published for io.netty:netty-codec-http3 (Maven) Jun 15, 2026
violetagg Credited to violetagg
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing Moderate
CVE-2026-54697 was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
Pig-Tail Credited to Pig-Tail and kruton kruton kruton
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation Moderate
CVE-2026-54700 was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
kruton Credited to kruton
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation High
GHSA-j9gf-vw2f-9hrw was published for com.appsmith:server (Maven) Jun 12, 2026
0xmrma Credited to 0xmrma
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators High
GHSA-9wcp-79g5-5c3c was published for com.appsmith:server (Maven) Jun 12, 2026
Moonster8282 Credited to Moonster8282
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution Moderate
CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
lemauanhphong Credited to lemauanhphong and jodygarnett jodygarnett jodygarnett
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page High
CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
YacineF Credited to YacineF, sikeoka, partywavesec, and jodygarnett sikeoka sikeoka
partywavesec partywavesec jodygarnett jodygarnett
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection High
CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven) Jun 11, 2026
H4cking2theGate Credited to H4cking2theGate, jodygarnett, and aaime jodygarnett jodygarnett
aaime aaime
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion High
CVE-2026-48059 was published for io.netty:netty-codec-haproxy (Maven) Jun 11, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access Moderate
CVE-2026-48040 was published for io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (Maven) Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Acknowledgement extension out of memory High
CVE-2025-53114 was published for org.cometd.java:cometd-java-server-common (Maven) Jun 10, 2026
cosimo Credited to cosimo
Jenkins: Stored XSS vulnerability in node offline cause description High
CVE-2026-53441 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 10, 2026
lohitkolluri Credited to lohitkolluri
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates Moderate
CVE-2026-47838 was published for org.springframework.security:spring-security-web (Maven) Jun 10, 2026
marcelstoer Credited to marcelstoer and julianladisch julianladisch julianladisch
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header Moderate
CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
julianladisch Credited to julianladisch
ProTip! Advisories are also available from the GraphQL API