GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,424 advisories

Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34479 was published for org.apache.logging.log4j:log4j-1.2-api (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Moderate
CVE-2026-34481 was published for org.apache.logging.log4j:log4j-layout-template-json (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility Moderate
CVE-2026-34478 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration Moderate
CVE-2026-34477 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34480 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability High
CVE-2026-39304 was published for org.apache.activemq:activemq-all (Maven) Apr 10, 2026
Spring Cloud Gateway's SSL bundle configuration silently bypassed High
CVE-2026-22750 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Apr 10, 2026
Credited to scottfrederick
Apache Tomcat Missing Encryption of Sensitive Data vulnerability High
CVE-2026-34486 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
Credited to tkwilli94
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File High
CVE-2026-34487 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve High
CVE-2026-34483 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Moderate
CVE-2026-34500 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability High
CVE-2026-24880 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
Credited to tkwilli94
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Critical
CVE-2026-29145 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor High
CVE-2026-29146 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
Credited to tkwilli94
Apache Tomcat: Configured cipher preference order not preserved High
CVE-2026-29129 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache Tomcat has an Improper Input Validation vulnerability Moderate
CVE-2026-32990 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Credited to tkwilli94
Apache Tomcat has an Open Redirect vulnerability Moderate
CVE-2026-25854 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings High
CVE-2026-34020 was published for org.apache.openmeetings:openmeetings-parent (Maven) Apr 9, 2026
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound Moderate
CVE-2026-40046 was published for org.apache.activemq:activemq-all (Maven) Apr 9, 2026
Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability Moderate
CVE-2026-33005 was published for org.apache.openmeetings:openmeetings-parent (Maven) Apr 9, 2026
Apache OpenMeetings Uses Hard-coded Cryptographic Key High
CVE-2026-33266 was published for org.apache.openmeetings:openmeetings-parent (Maven) Apr 9, 2026
Apache DolphinScheduler vulnerable to sensitive information disclosure High
CVE-2025-62188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Apr 9, 2026
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class Moderate
CVE-2026-40180 was published for io.quarkiverse.openapi.generator:quarkus-openapi-generator (Maven) Apr 8, 2026
Credited to oscerd
Duplicate Advisory: Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables High
GHSA-gc59-r5jq-98qw was published for org.eclipse.jetty.ee10:jetty-ee10 (Maven) Apr 8, 2026 withdrawn
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API High
CVE-2026-33229 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Apr 8, 2026
Credited to azefzafyoussef