Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

2,011 advisories

Loading
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp
Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp
Credited to dpp
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
Jenkins has a stored XSS vulnerability in node offline cause description High
CVE-2026-27099 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs
Credited to Bruceliu-rs
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates High
CVE-2026-25903 was published for org.apache.nifi:nifi-web-api (Maven) Feb 17, 2026
Wildfly Elytron integration susceptible to brute force attacks via CLI High
CVE-2025-23368 was published for org.wildfly.core:wildfly-elytron-integration (Maven) Feb 13, 2026
Leaky JWTs in OpenMetadata exposing highly-privileged bot users High
CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
amfor
Credited to amfor
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas
Credited to eminaktas
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens High
CVE-2026-1486 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas
Credited to eminaktas
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names High
CVE-2024-4027 was published for io.undertow:undertow-core (Maven) Jan 30, 2026
za-rudeboy
Credited to za-rudeboy
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 scordio
Credited to wxt201 and scordio
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability High
CVE-2025-27821 was published for org.apache.hadoop:hadoop-hdfs-native-client (Maven) Jan 26, 2026
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Solr: Insufficient file-access checking in standalone core-creation requests High
CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass High
CVE-2025-29847 was published for org.apache.linkis:linkis (Maven) Jan 19, 2026
Jervis's AES CBC Mode is Without Authentication High
CVE-2025-68931 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis's Salt for PBKDF2 derived from password High
CVE-2025-68703 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has a SHA-256 Hex String Padding Bug High
CVE-2025-68702 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis has Deterministic AES IV Derivation from Passphrase High
CVE-2025-68701 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has a RSA PKCS#1 Padding Vulnerability High
CVE-2025-68698 was published for net.gleske:jervis (Maven) Jan 13, 2026
Apache Struts 2 is Missing XML Validation High
CVE-2025-68493 was published for com.opensymphony:xwork (Maven) Jan 11, 2026
OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE High
CVE-2026-22244 was published for org.open-metadata:platform (Maven) Jan 7, 2026
lnlinh31 manerow
TeddyCr pmbrull
Credited to lnlinh31, manerow, TeddyCr, and pmbrull
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input High
CVE-2025-61916 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Jan 5, 2026
jake-ciolek CodeWobbler
jasonmcintosh Jaimeoby
Credited to jake-ciolek, CodeWobbler, jasonmcintosh, and Jaimeoby
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation High
CVE-2026-21452 was published for org.msgpack:msgpack-core (Maven) Jan 5, 2026
HyperPS
Credited to HyperPS
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database