Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

2,021 advisories

Loading
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
kascit Credited to kascit
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator High
CVE-2026-3009 was published for org.keycloak:keycloak-services (Maven) Mar 5, 2026
Keycloak SAML Broken has Authentication Bypass by Primary Weakness High
CVE-2026-3047 was published for org.keycloak:keycloak-broker-saml (Maven) Mar 5, 2026
The Eclipse Jetty Server Artifact has a Gzip request memory leak High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
glebashnik Credited to glebashnik and bjorncs bjorncs bjorncs
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion High
CVE-2026-29062 was published for tools.jackson.core:jackson-core (Maven) Mar 4, 2026
sprabhav7 Credited to sprabhav7 and rohan-repos rohan-repos rohan-repos
XWiki Blog Application home page vulnerable to Stored XSS via Post Title High
CVE-2025-66024 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Mar 4, 2026
lukasz-rybak Credited to lukasz-rybak
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition High
GHSA-72hv-8253-57qq was published for com.fasterxml.jackson.core:jackson-core (Maven) Feb 28, 2026
sprabhav7 Credited to sprabhav7, rohan-repos, and neilmadden-hazelcast rohan-repos rohan-repos
neilmadden-hazelcast neilmadden-hazelcast
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
Jenkins has a stored XSS vulnerability in node offline cause description High
CVE-2026-27099 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs Credited to Bruceliu-rs
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates High
CVE-2026-25903 was published for org.apache.nifi:nifi-web-api (Maven) Feb 17, 2026
Wildfly Elytron integration susceptible to brute force attacks via CLI High
CVE-2025-23368 was published for org.wildfly.core:wildfly-elytron-integration (Maven) Feb 13, 2026
Leaky JWTs in OpenMetadata exposing highly-privileged bot users High
CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
amfor Credited to amfor
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens High
CVE-2026-1486 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names High
CVE-2024-4027 was published for io.undertow:undertow-core (Maven) Jan 30, 2026
za-rudeboy Credited to za-rudeboy
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 Credited to wxt201 and scordio scordio scordio
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability High
CVE-2025-27821 was published for org.apache.hadoop:hadoop-hdfs-native-client (Maven) Jan 26, 2026
Apache Solr: Insufficient file-access checking in standalone core-creation requests High
CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass High
CVE-2025-29847 was published for org.apache.linkis:linkis (Maven) Jan 19, 2026
Jervis's AES CBC Mode is Without Authentication High
CVE-2025-68931 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database