Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types High
CVE-2026-44795 was published for io.spinnaker.orca:orca-core (Maven) Jun 22, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes Moderate
CVE-2026-46718 was published for org.apache.calcite:calcite-core (Maven) Jun 2, 2026
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override Critical
CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
2BCEB1 Credited to 2BCEB1
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading Critical
CVE-2026-8178 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 14, 2026
Fushuling Credited to Fushuling
Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest Critical
CVE-2026-42027 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) Nov 13, 2025
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder Credited to lukaseder
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim Credited to Warxim and JPLachance JPLachance JPLachance
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel Credited to westonsteimel
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel Credited to westonsteimel
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Privilege Escalation in Hibernate Validator High
CVE-2017-7536 was published for org.hibernate:hibernate-validator (Maven) Jun 15, 2020
JesseEstum Credited to JesseEstum
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale Credited to jkmartindale
ProTip! Advisories are also available from the GraphQL API