Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,323
Maven
5,000+
npm
5,000+
NuGet
880
pip
4,533
Pub
12
RubyGems
1,010
Rust
1,201
Swift
51
Unreviewed advisories
All unreviewed
5,000+

2,037 advisories

Loading
Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass High
CVE-2026-33871 was published for io.netty:netty-codec-http2 (Maven) Mar 26, 2026
sprabhav7 Credited to sprabhav7
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-33870 was published for io.netty:netty-codec-http (Maven) Mar 26, 2026
xclow3n Credited to xclow3n
Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access High
CVE-2026-22739 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Mar 24, 2026
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints High
CVE-2026-22733 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
Spring Boot has an Authentication Bypass under Actuator Health groups paths High
CVE-2026-22731 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers) High
CVE-2026-33166 was published for io.qameta.allure:allure-generator (Maven) Mar 18, 2026
ThanosTsiamis Credited to ThanosTsiamis and baev baev baev
Jenkins has a link following vulnerability allows arbitrary file creation High
CVE-2026-33001 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
bboe Credited to bboe
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation High
CVE-2026-33002 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
SQL Injection in Spring AI MariaDBFilterExpressionConverter High
CVE-2026-22730 was published for org.springframework.ai:spring-ai-mariadb-store (Maven) Mar 18, 2026
JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter High
CVE-2026-22729 was published for org.springframework.ai:spring-ai-vector-store (Maven) Mar 18, 2026
Keycloak: Unauthorized authentication via disabled SAML Identity Provider High
CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven) Mar 18, 2026
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions High
CVE-2026-2092 was published for org.keycloak:keycloak-saml-adapter-core (Maven) Mar 18, 2026
Micronaut Framework vulnerable to a Denial of Service in HTML error response caching High
CVE-2026-33012 was published for io.micronaut:micronaut-http-server (Maven) Mar 17, 2026
shblue21 Credited to shblue21
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
shblue21 Credited to shblue21
Apache Spark: Spark History Server Code Execution Vulnerability High
CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 16, 2026
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
kascit Credited to kascit
Keycloak SAML Broken has Authentication Bypass by Primary Weakness High
CVE-2026-3047 was published for org.keycloak:keycloak-broker-saml (Maven) Mar 5, 2026
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator High
CVE-2026-3009 was published for org.keycloak:keycloak-services (Maven) Mar 5, 2026
The Eclipse Jetty Server Artifact has a Gzip request memory leak High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
glebashnik Credited to glebashnik and bjorncs bjorncs bjorncs
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion High
CVE-2026-29062 was published for tools.jackson.core:jackson-core (Maven) Mar 4, 2026
sprabhav7 Credited to sprabhav7 and rohan-repos rohan-repos rohan-repos
XWiki Blog Application home page vulnerable to Stored XSS via Post Title High
CVE-2025-66024 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Mar 4, 2026
lukasz-rybak Credited to lukasz-rybak
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition High
GHSA-72hv-8253-57qq was published for com.fasterxml.jackson.core:jackson-core (Maven) Feb 28, 2026
sprabhav7 Credited to sprabhav7, rohan-repos, and neilmadden-hazelcast rohan-repos rohan-repos
neilmadden-hazelcast neilmadden-hazelcast
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database