GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,197 advisories
CVE-2026-47426 (High): OpenAM OAuth Client Impersonation via JWKS Resolver Cache. Published Jun 29, 2026 for org.openidentityplatform.openam:openam-oauth2 (Maven).
CVE-2026-47424 (High): OpenAM Authenticated RCE via Groovy Sandbox Escape. Published Jun 29, 2026 for org.openidentityplatform.openam:openam-scripting (Maven).
CVE-2026-46623 (High): OpenAM Account Takeover via Unverified Password Change in OAuth2 Module. Published Jun 26, 2026 for org.openidentityplatform.openam:openam-auth-oauth2 (Maven).
CVE-2026-46619 (High): OpenAM Authentication Bypass via MSISDN LDAP Injection. Published Jun 26, 2026 for org.openidentityplatform.openam:openam-auth-msisdn (Maven).
CVE-2026-46560 (High): OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing. Published Jun 25, 2026 for org.openidentityplatform.openam:openam-radius (Maven).
CVE-2026-46498 (High): OpenAM Arbitrary OAuth Token Minting via Push Registration. Published Jun 25, 2026 for org.openidentityplatform.openam:openam-oauth2 (Maven).
CVE-2026-45794 (High): OpenAM has Unsafe Java Deserialization via SNS. Published Jun 25, 2026 for org.openidentityplatform.openam:openam-push-notification (Maven).
CVE-2026-54513 (High): jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray). Published Jun 23, 2026 for com.fasterxml.jackson.core:jackson-databind (Maven).
CVE-2026-54512 (High): jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation. Published Jun 23, 2026 for com.fasterxml.jackson.core:jackson-databind (Maven).
CVE-2026-45049 (High): OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet. Published Jun 23, 2026 for org.openidentityplatform.openam:openam-federation (Maven).
CVE-2026-45048 (High): OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC. Published Jun 23, 2026 for org.openidentityplatform.openam:openam-core (Maven).
CVE-2026-44795 (High): Spinnaker has unsafe yaml deserialization, allowing RCE when using specific types. Published Jun 22, 2026 for io.spinnaker.orca:orca-core (Maven).
CVE-2026-41573 (High): OpenAM has LDAP Injection via `_queryId` Parameter. Published Jun 22, 2026 for org.openidentityplatform.openam:openam-core-rest (Maven).
GHSA-m4w9-hjfw-vwj4 (High): http4k: `HmacSha256.hash` (despite the `Hmac` naming) computed a plain unkeyed digest; clarified by deprecation in favour of `Sha256.hash` / `Sha256.hmac`. Published Jun 19, 2026 for org.http4k:http4k-core (Maven).
CVE-2026-55773 (High): CedarJava has policy injection vulnerability. Published Jun 19, 2026 for com.cedarpolicy:cedar-java (Maven).
CVE-2026-55772 (High): CedarJava has type confusion vulnerability. Published Jun 19, 2026 for com.cedarpolicy:cedar-java (Maven).
GHSA-47qp-hqvx-6r3f (High): JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables. Published Jun 18, 2026 for org.jline:jline-remote-telnet (Maven).
GHSA-2r2c-cx56-8933 (High): JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry. Published Jun 18, 2026 for org.jline:jline-remote-telnet (Maven).
GHSA-2c85-rfcc-g74j (High): Karate Mock Server RCE via embedded expression evaluation of request-derived data. Published Jun 18, 2026 for io.karatelabs:karate-core (Maven).
CVE-2026-55225 (High): Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`. Published Jun 18, 2026 for io.strimzi:strimzi (Maven).
CVE-2026-55470 (High): HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS. Published Jun 17, 2026 for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven).
CVE-2026-55760 (High): handlebars.java FileTemplateLoader Path Traversal. Published Jun 17, 2026 for com.github.jknack:handlebars (Maven).
CVE-2026-55405 (High): LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector. Published Jun 17, 2026 for dev.langchain4j:langchain4j-mariadb (Maven).
CVE-2026-49268 (High): Apache Shiro: LDAP DN Injection in DefaultLdapRealm. Published Jun 17, 2026 for org.apache.shiro:shiro-core (Maven).
CVE-2026-50011 (High): Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length. Published Jun 15, 2026 for io.netty:netty-codec-redis (Maven).