Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

2,024 advisories

Loading
Apache Solr: Insufficient file-access checking in standalone core-creation requests High
CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability High
CVE-2025-27821 was published for org.apache.hadoop:hadoop-hdfs-native-client (Maven) Jan 26, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 Credited to wxt201 and scordio scordio scordio
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names High
CVE-2024-4027 was published for io.undertow:undertow-core (Maven) Jan 30, 2026
za-rudeboy Credited to za-rudeboy
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens High
CVE-2026-1486 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Leaky JWTs in OpenMetadata exposing highly-privileged bot users High
CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
amfor Credited to amfor
Wildfly Elytron integration susceptible to brute force attacks via CLI High
CVE-2025-23368 was published for org.wildfly.core:wildfly-elytron-integration (Maven) Feb 13, 2026
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates High
CVE-2026-25903 was published for org.apache.nifi:nifi-web-api (Maven) Feb 17, 2026
Jenkins has a stored XSS vulnerability in node offline cause description High
CVE-2026-27099 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs Credited to Bruceliu-rs
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition High
GHSA-72hv-8253-57qq was published for com.fasterxml.jackson.core:jackson-core (Maven) Feb 28, 2026
sprabhav7 Credited to sprabhav7, rohan-repos, and neilmadden-hazelcast rohan-repos rohan-repos
neilmadden-hazelcast neilmadden-hazelcast
XWiki Blog Application home page vulnerable to Stored XSS via Post Title High
CVE-2025-66024 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Mar 4, 2026
lukasz-rybak Credited to lukasz-rybak
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion High
CVE-2026-29062 was published for tools.jackson.core:jackson-core (Maven) Mar 4, 2026
sprabhav7 Credited to sprabhav7 and rohan-repos rohan-repos rohan-repos
The Eclipse Jetty Server Artifact has a Gzip request memory leak High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
glebashnik Credited to glebashnik and bjorncs bjorncs bjorncs
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator High
CVE-2026-3009 was published for org.keycloak:keycloak-services (Maven) Mar 5, 2026
Keycloak SAML Broken has Authentication Bypass by Primary Weakness High
CVE-2026-3047 was published for org.keycloak:keycloak-broker-saml (Maven) Mar 5, 2026
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
kascit Credited to kascit
Apache Spark: Spark History Server Code Execution Vulnerability High
CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 16, 2026
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
GHSA-43w5-mmxv-cpvh was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
Micronaut Framework vulnerable to a Denial of Service in HTML error response caching High
CVE-2026-33012 was published for io.micronaut:micronaut-http-server (Maven) Mar 17, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database