GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
6,791 advisories
Filter by severity
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
Moderate
CVE-2026-42357
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
Moderate
CVE-2026-41280
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
Critical
CVE-2026-32966
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Critical
CVE-2026-32967
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature
Moderate
CVE-2026-50560
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 15, 2026
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Moderate
CVE-2026-50020
was published
for
io.netty:netty-codec-http
(Maven)
Jun 15, 2026
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length
High
CVE-2026-50011
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 15, 2026
Netty: Wrapping plain trust manager silently disables hostname verification
High
CVE-2026-50010
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2026
Netty: QUIC stateless reset token material exposed through header-visible connection IDs
Moderate
CVE-2026-50009
was published
for
io.netty:netty-codec-classes-quic
(Maven)
Jun 15, 2026
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
High
CVE-2026-48748
was published
for
io.netty:netty-codec-http3
(Maven)
Jun 15, 2026
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
Moderate
CVE-2026-54697
was published
for
org.connectbot.sshlib:sshlib
(Maven)
Jun 12, 2026
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Moderate
CVE-2026-54700
was published
for
org.connectbot.sshlib:sshlib
(Maven)
Jun 12, 2026
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
High
GHSA-j9gf-vw2f-9hrw
was published
for
com.appsmith:server
(Maven)
Jun 12, 2026
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
High
GHSA-9wcp-79g5-5c3c
was published
for
com.appsmith:server
(Maven)
Jun 12, 2026
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Moderate
CVE-2025-58175
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 12, 2026
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
High
CVE-2025-52465
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 12, 2026
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
High
CVE-2025-27511
was published
for
org.geoserver.extension:gs-db2
(Maven)
Jun 11, 2026
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
High
CVE-2026-48059
was published
for
io.netty:netty-codec-haproxy
(Maven)
Jun 11, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access
Moderate
CVE-2026-48040
was published
for
io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl
(Maven)
Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High
CVE-2026-48006
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 11, 2026
Acknowledgement extension out of memory
High
CVE-2025-53114
was published
for
org.cometd.java:cometd-java-server-common
(Maven)
Jun 10, 2026
Jenkins: Stored XSS vulnerability in node offline cause description
High
CVE-2026-53441
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 10, 2026
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate
CVE-2026-47838
was published
for
org.springframework.security:spring-security-web
(Maven)
Jun 10, 2026
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Moderate
CVE-2026-41726
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Jun 10, 2026
ProTip!
Advisories are also available from the
GraphQL API