GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,532 advisories
Apache MINA vulnerable to Deserialization of Untrusted Data
Critical | CVE-2026-41635 was published for org.apache.mina:mina-core (Maven) | Apr 27, 2026

xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter
Low | CVE-2025-9264 was published for com.xuxueli:xxl-job-admin (Maven) | Aug 21, 2025

xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key
Low | CVE-2025-9263 was published for com.xuxueli:xxl-job-admin (Maven) | Aug 21, 2025

xxl-job has Inadequate Encryption Strength
Low | CVE-2025-7789 was published for com.xuxueli:xxl-job-admin (Maven) | Jul 18, 2025

Netty MQTT: Resource exhaustion in MqttDecoder
Moderate | CVE-2026-44248 was published for io.netty:netty-codec-mqtt (Maven) | May 7, 2026

Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)
Critical | CVE-2026-42779 was published for org.apache.mina:mina-core (Maven) | May 1, 2026

Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API
Moderate | CVE-2026-42404 was published for org.apache.neethi:neethi (Maven) | May 1, 2026

Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)
Critical | CVE-2026-42778 was published for org.apache.mina:mina-core (Maven) | May 1, 2026

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
High | CVE-2026-42402 was published for org.apache.neethi:neethi (Maven) | May 1, 2026

Apache Neethi does not properly detect circular references in policy definitions.
High | CVE-2026-42403 was published for org.apache.neethi:neethi (Maven) | May 1, 2026

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
High | CVE-2026-44503 was published for Microsoft.Kiota.Abstractions (Go) | May 7, 2026

Shopizer is vulnerable to Cross-site Scripting
Moderate | CVE-2026-36766 was published for com.shopizer:shopizer (Maven) | Apr 30, 2026

Shopizer has a path traversal issue
Critical | CVE-2026-36767 was published for com.shopizer:shopizer (Maven) | Apr 30, 2026

Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
High | CVE-2026-42587 was published for io.netty:netty-codec-http (Maven) | May 7, 2026

Netty Redis Codec Encoder has a CRLF Injection Issue
Moderate | CVE-2026-42586 was published for io.netty:netty-codec-redis (Maven) | May 7, 2026

Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
Moderate | CVE-2026-42585 was published for io.netty:netty-codec-http (Maven) | May 7, 2026

Netty has HttpClientCodec response desynchronization
High | CVE-2026-42584 was published for io.netty:netty-codec-http (Maven) | May 7, 2026

Netty Lz4FrameDecoder is vulnerable to resource exhaustion
High | CVE-2026-42583 was published for io.netty:netty-codec (Maven) | May 7, 2026

Netty HTTP/3 QPACK literal unbounded allocation
High | CVE-2026-42582 was published for io.netty:netty-codec-http3 (Maven) | May 7, 2026

Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
Moderate | CVE-2026-42581 was published for io.netty:netty-codec-http (Maven) | May 7, 2026

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
Moderate | CVE-2026-42580 was published for io.netty:netty-codec-http (Maven) | May 7, 2026

Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
High | CVE-2026-42579 was published for io.netty:netty-codec-dns (Maven) | May 7, 2026

Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
Low | CVE-2026-42578 was published for io.netty:netty-handler-proxy (Maven) | May 7, 2026

OpenSearch has ineffective TLS certificate hostname verification
Low | GHSA-x5hg-x4gv-j98m was published for org.opensearch.plugin:opensearch-security (Maven) | May 7, 2026

OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Moderate | GHSA-x83w-23jp-g6pw was published for org.opensearch.plugin:opensearch-security (Maven) | May 7, 2026