Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments Moderate
CVE-2026-48517 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` Moderate
CVE-2026-48817 was published for starlette (pip) Jun 15, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes Moderate
CVE-2026-46718 was published for org.apache.calcite:calcite-core (Maven) Jun 2, 2026
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet Credited to Chisnet
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API