GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
907 advisories
Filter by severity
LaunchServer FileServerHandler has an unauthenticated path traversal issue
Critical
CVE-2026-54617
was published
for
pro.gravit.launcher:launchserver-api
(Maven)
Jul 2, 2026
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
Critical
CVE-2026-45052
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jun 24, 2026
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
Critical
CVE-2026-45051
was published
for
org.openidentityplatform.openam:openam-auth-webauthn
(Maven)
Jun 24, 2026
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
Critical
CVE-2026-46495
was published
for
org.openidentityplatform.opendj:opendj-server-legacy
(Maven)
Jun 22, 2026
OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
Critical
CVE-2026-44203
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jun 22, 2026
xwiki-pro-macros has remote code execution from page title and content via excerpt-include macro
Critical
CVE-2026-44179
was published
for
com.xwiki.pro:xwiki-pro-macros
(Maven)
Jun 22, 2026
OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Critical
CVE-2026-57168
was published
for
io.openremote:openremote-manager
(Maven)
Jun 19, 2026
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
Critical
CVE-2026-55471
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.utilities
(Maven)
Jun 17, 2026
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
Critical
CVE-2026-32966
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Critical
CVE-2026-32967
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Jun 17, 2026
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Critical
CVE-2026-46621
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical
CVE-2026-46562
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Critical
CVE-2026-44632
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Critical
CVE-2026-33137
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
May 26, 2026
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
Critical
CVE-2026-23734
was published
for
org.xwiki.commons:xwiki-commons-classloader-api
(Maven)
May 26, 2026
Apache CXF has an LDAP injection vulnerability
Critical
CVE-2026-44930
was published
for
org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap
(Maven)
May 26, 2026
GlassFish's Administration Console is Vulnerable to RCE
Critical
CVE-2026-2586
was published
for
org.glassfish.jsftemplating:jsftemplating
(Maven)
May 19, 2026
GlassFish's gadget handler is vulnerable to RCE
Critical
CVE-2026-2587
was published
for
org.glassfish.jsftemplating:jsftemplating
(Maven)
May 19, 2026
Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Critical
CVE-2026-47323
was published
for
org.apache.camel:camel-cxf-rest
(Maven)
May 19, 2026
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
Critical
CVE-2026-8178
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 14, 2026
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical
CVE-2026-45083
was published
for
io.goobi.viewer:viewer-core
(Maven)
May 13, 2026
Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Critical
CVE-2026-44672
was published
for
org.mapfish.print:print-lib
(Maven)
May 13, 2026
Security feature bypass vulnerability in Azure Key Vault Keys library for Java
Critical
CVE-2026-33117
was published
for
com.azure:azure-security-keyvault-keys
(Maven)
May 12, 2026
Apache Tomcat - HTTP/2 request headers not validated
Critical
CVE-2026-41293
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
Apache Tomcat - Digest authenticator will authenticate any unknown user
Critical
CVE-2026-43512
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
ProTip!
Advisories are also available from the
GraphQL API