GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,605 advisories

Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing Critical
CVE-2026-40682 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026
Apache Atlas has a Code Injection Vulnerability High
CVE-2026-40563 was published for org.apache.atlas:apache-atlas (Maven) May 4, 2026
OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip) Critical
CVE-2026-40076 was published for org.openmrs.web:openmrs-web (Maven) May 4, 2026
Credited to Arron-bit
Quarkus has Authentication/Authorization bypasses High
CVE-2026-39852 was published for io.quarkus:quarkus-vertx-http (Maven) May 4, 2026
Credited to p-
OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read High
CVE-2026-40075 was published for org.openmrs.web:openmrs-web (Maven) May 4, 2026
Credited to Arron-bit
jOpenDocument has an improper restriction of XML external entity reference vulnerability Moderate
CVE-2026-6501 was published for org.jopendocument:jOpenDocument (Maven) May 4, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix) Critical
CVE-2026-42779 was published for org.apache.mina:mina-core (Maven) May 1, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix) Critical
CVE-2026-42778 was published for org.apache.mina:mina-core (Maven) May 1, 2026
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization High
CVE-2026-42402 was published for org.apache.neethi:neethi (Maven) May 1, 2026
Apache Neethi does not properly detect circular references in policy definitions. High
CVE-2026-42403 was published for org.apache.neethi:neethi (Maven) May 1, 2026
Shopizer is vulnerable to Cross-site Scripting Moderate
CVE-2026-36766 was published for com.shopizer:shopizer (Maven) Apr 30, 2026
Shopizer has a path traversal issue Critical
CVE-2026-36767 was published for com.shopizer:shopizer (Maven) Apr 30, 2026
Keycloak has a Forced Browsing issue Moderate
CVE-2026-7500 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2026
appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution High
GHSA-h8cj-hpmg-636v was published for com.appsmith:interfaces (Maven) Apr 29, 2026
Credited to liyander
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE Critical
CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven) Apr 29, 2026
Credited to brodmart
Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file High
CVE-2026-42524 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Apr 29, 2026
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability Moderate
CVE-2026-42525 was published for org.jenkins-ci.plugins:azure-ad (Maven) Apr 29, 2026
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths Moderate
CVE-2026-42519 was published for org.jenkins-ci.plugins:script-security (Maven) Apr 29, 2026
Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test Moderate
CVE-2026-42522 was published for org.jenkins-ci.plugins:github-branch-source (Maven) Apr 29, 2026
Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors Moderate
CVE-2026-42521 was published for org.jenkins-ci.plugins:matrix-auth (Maven) Apr 29, 2026
Jenkins Credentials Binding Plugin has a path traversal vulnerability High
CVE-2026-42520 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Apr 29, 2026
Jenkins GitHub Plugin has an XSS vulnerability Critical
CVE-2026-42523 was published for org.jenkins-ci.plugins:git (Maven) Apr 29, 2026
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources Moderate
CVE-2026-22745 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. Low
CVE-2026-22741 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026