GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,091 advisories
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
Moderate
CVE-2026-34237
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Mar 30, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
Moderate
CVE-2026-32948
was published
for
org.scala-sbt:sbt
(Maven)
Mar 24, 2026
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
Moderate
CVE-2026-3429
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 11, 2026
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
Moderate
CVE-2026-28338
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
Feb 28, 2026
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Moderate
GHSA-72hv-8253-57qq
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Feb 28, 2026
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
Moderate
CVE-2026-28208
was published
for
com.github.junrar:junrar
(Maven)
Feb 27, 2026
Jenkins has a build information disclosure vulnerability through Run Parameter
Moderate
CVE-2026-27100
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Feb 18, 2026
Apache Tomcat - Client certificate verification bypass
Moderate
CVE-2025-66614
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API