GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,171 advisories
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Moderate. CVE-2026-42525 was published for org.jenkins-ci.plugins:azure-ad (Maven), Apr 29, 2026

Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
Moderate. CVE-2026-42521 was published for org.jenkins-ci.plugins:matrix-auth (Maven), Apr 29, 2026

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
Moderate. CVE-2026-42519 was published for org.jenkins-ci.plugins:script-security (Maven), Apr 29, 2026

Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test
Moderate. CVE-2026-42522 was published for org.jenkins-ci.plugins:github-branch-source (Maven), Apr 29, 2026

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
Moderate. CVE-2026-22745 was published for org.springframework:spring-webflux (Maven), Apr 29, 2026

Spring gRPC SecurityContext leaks across requests upon authorization failure
Moderate. CVE-2026-40968 was published for org.springframework.grpc:spring-grpc (Maven), Apr 28, 2026

Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
Moderate. CVE-2026-40966 was published for org.springframework.ai:spring-ai-advisors-vector-store (Maven), Apr 28, 2026

Spring AI Vulnerable to OOM by attacker-controlled PDF
Moderate. CVE-2026-40980 was published for org.springframework.ai:spring-ai-pdf-document-reader (Maven), Apr 28, 2026

Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
Moderate. CVE-2026-40979 was published for org.springframework.ai:spring-ai-transformers (Maven), Apr 28, 2026

Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification
Moderate. CVE-2026-40974 was published for org.springframework.boot:spring-boot-cassandra (Maven), Apr 28, 2026

Spring Boot's PID file write follows symlinks at predictable default path
Moderate. CVE-2026-40977 was published for org.springframework.boot:spring-boot-cassandra (Maven), Apr 28, 2026

Spring Boot's random value property source uses a weak PRNG unsuitable for secrets
Moderate. CVE-2026-40975 was published for org.springframework.boot:spring-boot-cassandra (Maven), Apr 28, 2026

Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker
Moderate. CVE-2026-40971 was published for org.springframework.boot:spring-boot-rabbitmq (Maven), Apr 28, 2026

Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server.
Moderate. CVE-2026-40970 was published for org.springframework.boot:spring-boot-elasticsearch (Maven), Apr 27, 2026

Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment
Moderate. CVE-2026-41081 was published for org.apache.storm:storm-client (Maven), Apr 27, 2026

Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Moderate. CVE-2026-40557 was published for org.apache.storm:storm-metrics-prometheus (Maven), Apr 27, 2026

Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
Moderate. CVE-2026-27172 was published for org.apache.camel:camel-consul (Maven), Apr 27, 2026

Dynamic-Datasource has an Injection vulnerability
Moderate. CVE-2026-7045 was published for com.baomidou:dynamic-datasource-spring (Maven), Apr 27, 2026

Apache ActiveMQ Vulnerable to Cross-site Scripting
Moderate. CVE-2026-41043 was published for org.apache.activemq:activemq-all (Maven), Apr 24, 2026

Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability
Moderate. CVE-2025-62233 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven), Apr 24, 2026

H2O-3 is Vulnerable to Code Injection
Moderate. CVE-2026-3960 was published for ai.h2o:h2o-core (Maven), Apr 23, 2026

Silverpeas Core has a reflected cross-site scripting vulnerability
Moderate. CVE-2026-30139 was published for org.silverpeas.core:silverpeas-core-war (Maven), Apr 22, 2026

Spring Security has Potential Security Misconfiguration when Using withIssuerLocation
Moderate. CVE-2026-22748 was published for org.springframework.security:spring-security-oauth2-jose (Maven), Apr 22, 2026

Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate. CVE-2026-22747 was published for org.springframework.security:spring-security-web (Maven), Apr 22, 2026

Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Moderate. CVE-2026-22751 was published for org.springframework.security:spring-security-core (Maven), Apr 21, 2026