GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server_2.10
(Maven)
Sep 2, 2021
Liferay Portal and Liferay DXP fails to check origin of event messages
Moderate
CVE-2022-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Mar 4, 2022
Apache Knox allows impersonation of users
Moderate
CVE-2017-5646
was published
for
org.apache.knox:gateway-provider-identity-assertion-common
(Maven)
May 13, 2022
Origin Validation Error in Apache NiFi
High
CVE-2017-7667
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Zip4j Origin Validation Error
Moderate
CVE-2023-22899
was published
for
net.lingala.zip4j:zip4j
(Maven)
Jan 10, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
High
CVE-2024-1249
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
Moderate
GHSA-gj52-35xm-gxjh
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 10, 2025
•
withdrawn
Keycloak phishing attack via email verification step in first login flow
Moderate
CVE-2025-7365
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 30, 2025
Liferay Portal fails to verify messages from the cluster network is trusted
Moderate
CVE-2025-62250
was published
for
com.liferay:com.liferay.portal.cluster.multiple
(Maven)
Oct 21, 2025
Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm
Critical
CVE-2026-23552
was published
for
org.apache.camel:camel-keycloak
(Maven)
Feb 23, 2026
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
High
CVE-2026-33002
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect
High
CVE-2026-34359
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
Low
CVE-2026-37977
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 6, 2026
Java-SDK has a DNS Rebinding Vulnerability
High
CVE-2026-35568
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Apr 7, 2026
Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation
Critical
CVE-2026-27478
was published
for
io.unitycatalog:unitycatalog-server
(Maven)
May 11, 2026
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
High
GHSA-j9gf-vw2f-9hrw
was published
for
com.appsmith:server
(Maven)
Jun 12, 2026
ProTip!
Advisories are also available from the
GraphQL API