Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,951
Maven
5,000+
npm
4,597
NuGet
787
pip
4,304
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
Keycloak Server-Side Request Forgery (SSRF) vulnerability Low
CVE-2026-1518 was published for org.keycloak:keycloak-parent (Maven) Feb 2, 2026
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes Low
CVE-2025-13881 was published for org.keycloak:keycloak-services (Maven) Feb 2, 2026
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods Low
CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) Jan 26, 2026
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector Low
CVE-2026-24656 was published for org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket (Maven) Jan 26, 2026
Logback allows an attacker to instantiate classes already present on the class path Low
CVE-2026-1225 was published for ch.qos.logback:logback-core (Maven) Jan 22, 2026
Keycloak Admin REST API exposes backend schema and rules Low
CVE-2025-14083 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Keycloak does not validate and update refresh token usage atomically Low
CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams Low
CVE-2026-0858 was published for net.sourceforge.plantuml:plantuml (Maven) Jan 16, 2026
Keycloak has an improper input validation vulnerability Low
CVE-2026-0976 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 15, 2026
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions Low
CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven) Dec 10, 2025
julianladisch
Credited to julianladisch
Duplicate Advisory: Keycloak allows access to admin path through flaw Low
GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025 withdrawn
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
Discovery uses the same AES/GCM Nonce throughout the session Low
CVE-2024-23688 was published for tech.pegasys.discovery:discovery (Maven) Apr 6, 2021
asanso
Credited to asanso
Keycloak unable to restrict access to the admin console Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025
NutzBoot vulnerable to information disclosure Low
CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Mustangproject allows exfiltrating files via XXE attacks Low
CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
tkwilli94
Credited to tkwilli94
Resty has a Path Traversal vulnerability Low
CVE-2025-13435 was published for cn.dreampie:resty (Maven) Nov 20, 2025
Apereo CAS code injection vulnerability Low
CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database