Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,076 advisories

Loading
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API Moderate
CVE-2026-3429 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash Moderate
CVE-2026-2742 was published for com.vaadin:flow-server (Maven) Mar 10, 2026
Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function Moderate
CVE-2026-23907 was published for org.apache.pdfbox:pdfbox-examples (Maven) Mar 10, 2026
Cloudfoundry UAA has logic error in the token revocation endpoint implementation Moderate
CVE-2026-22723 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) Mar 5, 2026
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound Moderate
CVE-2025-66168 was published for org.apache.activemq:activemq-all (Maven) Mar 4, 2026
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch Moderate
CVE-2025-59060 was published for org.apache.ranger:ranger-nifi-registry-plugin (Maven) Mar 3, 2026
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages Moderate
CVE-2026-28338 was published for net.sourceforge.pmd:pmd-core (Maven) Feb 28, 2026
smaranchand Credited to smaranchand
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix Moderate
CVE-2026-28208 was published for com.github.junrar:junrar (Maven) Feb 27, 2026
Cache-Money Credited to Cache-Money
Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes Moderate
CVE-2026-0871 was published for org.keycloak:keycloak-server-spi-private (Maven) Feb 27, 2026
Jenkins has a build information disclosure vulnerability through Run Parameter Moderate
CVE-2026-27100 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs Credited to Bruceliu-rs
Apache Tomcat - Client certificate verification bypass Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Jenson3210 Credited to Jenson3210
Apache Avro Java SDK is Vulnerable to Code Injection Moderate
CVE-2025-33042 was published for org.apache.avro:avro-compiler (Maven) Feb 13, 2026
levpachmanov Credited to levpachmanov
XWiki vulnerable to click-jacking through CSS injection in comments Moderate
CVE-2026-26000 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 12, 2026
keechy1231 Credited to keechy1231
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
julianladisch Credited to julianladisch
Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService Moderate
CVE-2025-14778 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Apache Shiro has an Authentication Bypass Moderate
CVE-2026-23903 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2026
saivarun3407 Credited to saivarun3407
Neo4j Enterprise and Community vulnerable to a potential information disclosure Moderate
CVE-2026-1622 was published for org.neo4j:neo4j (Maven) Feb 4, 2026
Apache Syncope: Console XXE on Keymaster parameters Moderate
CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026
Apache Syncope: Reflected XSS on Enduser Login Moderate
CVE-2026-23794 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Feb 3, 2026
Crafter CMS has Improper Control of Dynamically-Managed Code Resources Moderate
CVE-2026-1770 was published for org.craftercms:craftercms (Maven) Feb 2, 2026
Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec Moderate
CVE-2026-24807 was published for com.github.liuyueyi.media:batik-codec-fix (Maven) Jan 27, 2026
weixin4j has Improperly Controlled Sequential Memory Allocation Moderate
CVE-2026-24819 was published for com.foxinmy:weixin4j-base (Maven) Jan 27, 2026
jsonrpc4j has Infinite Loop in RPC Stream Writer Moderate
CVE-2026-24802 was published for com.github.briandilley.jsonrpc4j:jsonrpc4j (Maven) Jan 27, 2026
Quick-Media Batik Codec FIX package has Code Injection vulnerability Moderate
CVE-2026-24806 was published for com.github.liuyueyi.media:batik-codec-fix (Maven) Jan 27, 2026
Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion Moderate
CVE-2025-14969 was published for org.hibernate.reactive:hibernate-reactive-core (Maven) Jan 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database