{"source":"ghsa-maven","note":"Free 5-item preview. The full feed is $0.05/call at GET /v1/ghsa-maven/changes.","question":"Which new GitHub security advisories affecting Maven/Java packages were published since T, and how severe are they?","sample":[{"source":"ghsa-maven","entityId":"ghsa:GHSA-6jv9-x5w9-2ccm","type":"advisory","title":"GHSA-6jv9-x5w9-2ccm / CVE-2026-48006: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator","summary":"HIGH severity. Affected: io.netty:netty-codec-redis, io.netty:netty-codec-redis.","significance":8,"detectedAt":"2026-07-14T22:21:18.678Z","effectiveDate":"2026-06-11T13:26:06Z","sourceUrl":"https://github.com/advisories/GHSA-6jv9-x5w9-2ccm","detail":{"severity":"high","cve":"CVE-2026-48006","packages":"io.netty:netty-codec-redis, io.netty:netty-codec-redis","cvss":7.5}},{"source":"ghsa-maven","entityId":"ghsa:GHSA-32hf-8jw3-v4qq","type":"advisory","title":"GHSA-32hf-8jw3-v4qq / CVE-2026-48040: netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access","summary":"MEDIUM severity. Affected: io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl.","significance":5,"detectedAt":"2026-07-14T22:21:18.678Z","effectiveDate":"2026-06-11T13:28:37Z","sourceUrl":"https://github.com/advisories/GHSA-32hf-8jw3-v4qq","detail":{"severity":"medium","cve":"CVE-2026-48040","packages":"io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl","cvss":null}},{"source":"ghsa-maven","entityId":"ghsa:GHSA-c2gf-v879-257j","type":"advisory","title":"GHSA-c2gf-v879-257j / CVE-2026-48043: netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion","summary":"MEDIUM severity. Affected: io.netty:netty-codec-http2, io.netty:netty-codec-http2.","significance":5,"detectedAt":"2026-07-14T22:21:18.678Z","effectiveDate":"2026-06-11T13:28:46Z","sourceUrl":"https://github.com/advisories/GHSA-c2gf-v879-257j","detail":{"severity":"medium","cve":"CVE-2026-48043","packages":"io.netty:netty-codec-http2, io.netty:netty-codec-http2","cvss":5.3}},{"source":"ghsa-maven","entityId":"ghsa:GHSA-h2qv-fj59-j46j","type":"advisory","title":"GHSA-h2qv-fj59-j46j / CVE-2026-48059: Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion","summary":"HIGH severity. Affected: io.netty:netty-codec-haproxy, io.netty:netty-codec-haproxy.","significance":8,"detectedAt":"2026-07-14T22:21:18.678Z","effectiveDate":"2026-06-11T20:19:27Z","sourceUrl":"https://github.com/advisories/GHSA-h2qv-fj59-j46j","detail":{"severity":"high","cve":"CVE-2026-48059","packages":"io.netty:netty-codec-haproxy, io.netty:netty-codec-haproxy","cvss":7.5}},{"source":"ghsa-maven","entityId":"ghsa:GHSA-g628-r368-6vh7","type":"advisory","title":"GHSA-g628-r368-6vh7 / CVE-2025-27511: GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection","summary":"HIGH severity. Affected: org.geoserver.extension:gs-db2.","significance":7,"detectedAt":"2026-07-14T22:21:18.678Z","effectiveDate":"2026-06-11T20:34:00Z","sourceUrl":"https://github.com/advisories/GHSA-g628-r368-6vh7","detail":{"severity":"high","cve":"CVE-2025-27511","packages":"org.geoserver.extension:gs-db2","cvss":7.2}}]}