GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
6,323 advisories
Spring Security HTTP Headers Are not Written Under Some Conditions
Severity: Critical. CVE-2026-22732 was published for org.springframework.security:spring-security-web (Maven), Mar 20, 2026

Spring Boot has an Authentication Bypass under Actuator Health groups paths
Severity: High. CVE-2026-22731 was published for org.springframework.boot:spring-boot-starter-actuator (Maven), Mar 20, 2026

Spring MVC and WebFlux has Server Sent Event stream corruption
Severity: Low. CVE-2026-22735 was published for org.springframework:spring-webflux (Maven), Mar 20, 2026

Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints
Severity: High. CVE-2026-22733 was published for org.springframework.boot:spring-boot-starter-actuator (Maven), Mar 20, 2026

Spring Framework Improper Path Limitation with Script View Templates
Severity: Moderate. CVE-2026-22737 was published for org.springframework:spring-webflux (Maven), Mar 20, 2026

HAPI FHIR HTTP authentication leak in redirects
Severity: Critical. CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven), Mar 18, 2026

Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Severity: High. CVE-2026-33166 was published for io.qameta.allure:allure-generator (Maven), Mar 18, 2026

Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Severity: Moderate. CVE-2026-33003 was published for org.jenkins-ci.plugins:loadninja (Maven), Mar 18, 2026

Jenkins has a link following vulnerability allows arbitrary file creation
Severity: High. CVE-2026-33001 was published for org.jenkins-ci.main:jenkins-core (Maven), Mar 18, 2026

Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
Severity: High. CVE-2026-33002 was published for org.jenkins-ci.main:jenkins-core (Maven), Mar 18, 2026

Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Severity: Moderate. CVE-2026-33004 was published for org.jenkins-ci.plugins:loadninja (Maven), Mar 18, 2026

SQL Injection in Spring AI MariaDBFilterExpressionConverter
Severity: High. CVE-2026-22730 was published for org.springframework.ai:spring-ai-mariadb-store (Maven), Mar 18, 2026

JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter
Severity: High. CVE-2026-22729 was published for org.springframework.ai:spring-ai-vector-store (Maven), Mar 18, 2026

Keycloak: Denial of Service due to excessive SAMLRequest decompression
Severity: Moderate. CVE-2026-2575 was published for org.keycloak:keycloak-saml-adapter-core (Maven), Mar 18, 2026

Keycloak: Unauthorized authentication via disabled SAML Identity Provider
Severity: High. CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven), Mar 18, 2026

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
Severity: High. CVE-2026-2092 was published for org.keycloak:keycloak-saml-adapter-core (Maven), Mar 18, 2026

Micronaut Framework vulnerable to a Denial of Service in HTML error response caching
Severity: High. CVE-2026-33012 was published for io.micronaut:micronaut-http-server (Maven), Mar 17, 2026

Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices
Severity: High. CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven), Mar 17, 2026

Apache Spark: Spark History Server Code Execution Vulnerability
Severity: High. CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven), Mar 16, 2026

Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Severity: Critical. CVE-2026-25534 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven), Mar 16, 2026

Apache Livy: Unauthorized directory access
Severity: Moderate. CVE-2025-66249 was published for org.apache.livy:livy-server (Maven), Mar 13, 2026

Apache Livy: Restrict file access
Severity: Moderate. CVE-2025-60012 was published for org.apache.livy:livy-server (Maven), Mar 13, 2026

Keycloak vulnerable to authorization bypass via the Admin API
Severity: Low. CVE-2026-2366 was published for @keycloak/keycloak-admin-client (Maven), Mar 12, 2026

Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
Severity: Moderate. CVE-2026-3429 was published for org.keycloak:keycloak-services (Maven), Mar 11, 2026

Keycloak: Information disclosure of disabled user attributes via administrative endpoint
Severity: Low. CVE-2026-3911 was published for org.keycloak:keycloak-services (Maven), Mar 11, 2026