GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6,431 advisories
Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization
High
CVE-2026-33524
was published
for
io.github.ndsev:zserio-runtime
(Maven)
Apr 24, 2026
Apktool: Path Traversal to Arbitrary File Write
High
CVE-2026-39973
was published
for
org.apktool:apktool-lib
(Maven)
Apr 23, 2026
OpenRemote has Improper Access Control via updateUserRealmRoles function
High
CVE-2026-41166
was published
for
io.openremote:openremote-manager
(Maven)
Apr 22, 2026
Spinnaker: RCE via expression parsing due to unrestricted context handling
Critical
CVE-2026-32613
was published
for
io.spinnaker.echo:echo-pipelinetriggers
(Maven)
Apr 21, 2026
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Critical
CVE-2026-32604
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo
(Maven)
Apr 21, 2026
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
High
GHSA-vp6r-9m58-5xv8
was published
for
org.omnifaces:omnifaces
(Maven)
Apr 16, 2026
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Moderate
CVE-2026-41245
was published
for
com.github.junrar:junrar
(Maven)
Apr 16, 2026
OpenRemote has XXE in Velbus Asset Import
High
CVE-2026-40882
was published
for
io.openremote:openremote-manager
(Maven)
Apr 15, 2026
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-2332
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Apr 14, 2026
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Moderate
CVE-2026-40105
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 14, 2026
Expression Injection in OpenRemote
Critical
CVE-2026-39842
was published
for
io.openremote:openremote-manager
(Maven)
Apr 14, 2026
ProTip!
Advisories are also available from the
GraphQL API