Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6,312 advisories

Loading
HAPI FHIR HTTP authentication leak in redirects Critical
CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ElliotSilver Credited to ElliotSilver
Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers) High
CVE-2026-33166 was published for io.qameta.allure:allure-generator (Maven) Mar 18, 2026
ThanosTsiamis Credited to ThanosTsiamis and baev baev baev
SQL Injection in Spring AI MariaDBFilterExpressionConverter High
CVE-2026-22730 was published for org.springframework.ai:spring-ai-mariadb-store (Maven) Mar 18, 2026
JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter High
CVE-2026-22729 was published for org.springframework.ai:spring-ai-vector-store (Maven) Mar 18, 2026
Keycloak: Denial of Service due to excessive SAMLRequest decompression Moderate
CVE-2026-2575 was published for org.keycloak:keycloak-saml-adapter-core (Maven) Mar 18, 2026
Keycloak: Unauthorized authentication via disabled SAML Identity Provider High
CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven) Mar 18, 2026
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions High
CVE-2026-2092 was published for org.keycloak:keycloak-saml-adapter-core (Maven) Mar 18, 2026
Micronaut Framework vulnerable to a Denial of Service in HTML error response caching High
CVE-2026-33012 was published for io.micronaut:micronaut-http-server (Maven) Mar 17, 2026
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
Apache Spark: Spark History Server Code Execution Vulnerability High
CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 16, 2026
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames Critical
CVE-2026-25534 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Mar 16, 2026
jaydhulia Credited to jaydhulia and jasonmcintosh jasonmcintosh jasonmcintosh
Apache Livy: Restrict file access Moderate
CVE-2025-60012 was published for org.apache.livy:livy-server (Maven) Mar 13, 2026
Apache Livy: Unauthorized directory access Moderate
CVE-2025-66249 was published for org.apache.livy:livy-server (Maven) Mar 13, 2026
Keycloak vulnerable to authorization bypass via the Admin API Low
CVE-2026-2366 was published for @keycloak/keycloak-admin-client (Maven) Mar 12, 2026
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API Moderate
CVE-2026-3429 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Keycloak: Information disclosure of disabled user attributes via administrative endpoint Low
CVE-2026-3911 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Vaadin: Specially crafted ZIP archives can escape the intended extraction directory Low
CVE-2026-2741 was published for com.vaadin:flow-project (Maven) Mar 10, 2026
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash Moderate
CVE-2026-2742 was published for com.vaadin:flow-server (Maven) Mar 10, 2026
Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function Moderate
CVE-2026-23907 was published for org.apache.pdfbox:pdfbox-examples (Maven) Mar 10, 2026
Apache IoTDB has an Insecure Default Configuration Vulnerability Critical
CVE-2026-24015 was published for org.apache.iotdb:iotdb-core (Maven) Mar 9, 2026
Apache IoTDB has an Improper Input Validation vulnerability Critical
CVE-2026-24713 was published for org.apache.iotdb:iotdb-core (Maven) Mar 9, 2026
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
kascit Credited to kascit
org.eclipse.jetty:jetty-http has different parsing of invalid URIs Low
CVE-2025-11143 was published for org.eclipse.jetty:jetty-http (Maven) Mar 5, 2026
zer0yu Credited to zer0yu
Cloudfoundry UAA has logic error in the token revocation endpoint implementation Moderate
CVE-2026-22723 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) Mar 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database