GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,588 advisories

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users High
CVE-2026-46481 was published for org.open-metadata:openmetadata-service (Maven) May 21, 2026
Credited to JorgeCampoverdeA
camel-infinispan Vulnerable to Deserialization of Untrusted Data High
CVE-2026-6857 was published for org.apache.camel:camel-infinispan (Maven) Apr 22, 2026
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
Credited to AdamKorcz, sonnyhcl, sunSUNQ, pjfanning, and albertabiev1
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE Critical
CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven) Apr 29, 2026
Credited to brodmart
hjson stack exhaustion vulnerability High
CVE-2023-34620 was published for github.com/hjson/hjson-go/v4 (Composer) Jun 14, 2023
Credited to achibear
Apache Tomcat: Configured cipher preference order not preserved High
CVE-2026-29129 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Credited to aruneko
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Critical
CVE-2026-29145 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
Credited to aruneko
Apache Tomcat Uncontrolled Resource Consumption vulnerability Low
CVE-2024-54677 was published for org.apache.tomcat:tomcat (Maven) Dec 17, 2024
Credited to yusuke-koyoshi
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 21, 2020
Credited to sunSUNQ and aruneko
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability High
CVE-2026-24880 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Credited to tkwilli94 and aruneko
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat High
CVE-2020-13934 was published for org.apache.tomcat:tomcat (Maven) Feb 8, 2022
Credited to aruneko
Apache Tomcat Denial of Service vulnerability High
CVE-2019-0199 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
Credited to aruneko
Apache Commons Configuration: StackOverflowError for YAML input with cycles Moderate
CVE-2026-45205 was published for org.apache.commons:commons-configuration2 (Maven) May 14, 2026
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Moderate
CVE-2026-34500 was published for org.apache.tomcat:tomcat-coyote-ffm (Maven) Apr 9, 2026
Credited to aruneko
Keycloak: Unauthorized authentication via disabled SAML Identity Provider High
CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven) Mar 18, 2026
Credited to ig596 and sekveaja
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-2332 was published for org.eclipse.jetty:jetty-http (Maven) Apr 14, 2026
Credited to xclow3n, jhy, and tlarionova-max
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service High
CVE-2026-45799 was published for com.squareup.wire:wire-runtime (Maven) May 19, 2026
Credited to TrekLaps
Bouncy Castle has a vulnerability in program files gcm128w, gcm512w Moderate
CVE-2026-8149 was published for org.bouncycastle:bc-fips (Maven) May 8, 2026
ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation High
GHSA-xm96-gfjx-jcrc was published for land.oras:oras-java-sdk (Maven) May 19, 2026
Credited to ChipWolf and jonesbusy
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode Moderate
CVE-2026-45581 was published for org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (Maven) May 19, 2026
Credited to lalalala5678 and bestbeforetoday
Apache Tomcat - Security constraints not correctly applied Critical
CVE-2026-43515 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026
Apache Tomcat - AJP secret compared in non-constant time Low
CVE-2026-43514 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026
Apache Tomcat - Digest authenticator will authenticate any unknown user Critical
CVE-2026-43512 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026
Apache Tomcat: LockOutRealm treats user names as case-sensitive High
CVE-2026-43513 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026
Apache Tomcat - WebSocket authentication header exposure High
CVE-2026-42498 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026