GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
Logback allows an attacker to instantiate classes already present on the class path
Low: CVE-2026-1225 was published for ch.qos.logback:logback-core (Maven), Jan 22, 2026

Keycloak Admin REST API exposes backend schema and rules
Low: CVE-2025-14083 was published for org.keycloak:keycloak-services (Maven), Jan 21, 2026

Keycloak does not validate and update refresh token usage atomically
Low: CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven), Jan 21, 2026

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams
Low: CVE-2026-0858 was published for net.sourceforge.plantuml:plantuml (Maven), Jan 16, 2026

Keycloak has an improper input validation vulnerability
Low: CVE-2026-0976 was published for org.keycloak:keycloak-quarkus-server (Maven), Jan 15, 2026

Jenkins has a CSRF vulnerability on the login form
Low: CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven), Dec 10, 2025

Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
Low: CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven), Dec 10, 2025

Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
Low: CVE-2025-66453 was published for org.mozilla:rhino (Maven), Dec 3, 2025

Keycloak unable to restrict access to the admin console
Low: CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven), Dec 2, 2025

NutzBoot vulnerable to deserialization
Low: CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven), Dec 1, 2025

NutzBoot vulnerable to information disclosure
Low: CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven), Dec 1, 2025

Mustangproject allows exfiltrating files via XXE attacks
Low: CVE-2025-66372 was published for org.mustangproject:library (Maven), Nov 28, 2025

Resty has a Path Traversal vulnerability
Low: CVE-2025-13435 was published for cn.dreampie:resty (Maven), Nov 20, 2025

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH
Low: GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven), Nov 4, 2025

Duplicate Advisory: Keycloak allows access to admin path through flaw
Low: GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven), Oct 28, 2025 • withdrawn

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Low: CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 27, 2025

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Low: CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 27, 2025

Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page
Low: CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven), Oct 23, 2025

Liferay Portal and DXP are Missing Authorization in Collection Provider
Low: CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven), Oct 22, 2025

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
Low: CVE-2025-11966 was published for io.vertx:vertx-web (Maven), Oct 22, 2025

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
Low: CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven), Sep 26, 2025

Liferay DXP Missing Critical Step in Authentication
Low: CVE-2025-43798 was published for com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web (Maven), Sep 15, 2025

Liferay Portal has External Control of System or Configuration Settings
Low: CVE-2025-43792 was published for com.liferay.portal:com.liferay.portal.kernel (Maven), Sep 15, 2025

Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
Low: CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven), Sep 12, 2025

Liferay Portal is vulnerable to XSS attack through its Style Book theme
Low: CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven), Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API.