GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,094 advisories
Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Moderate
CVE-2026-35583
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
Emissary has Stored XSS via Navigation Template Link Injection
Moderate
CVE-2026-35571
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 7, 2026
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
Moderate
CVE-2026-34237
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Mar 30, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
Moderate
CVE-2026-32948
was published
for
org.scala-sbt:sbt
(Maven)
Mar 24, 2026
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
Moderate
CVE-2026-3429
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 11, 2026
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
Moderate
CVE-2026-28338
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
Feb 28, 2026
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Moderate
GHSA-72hv-8253-57qq
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Feb 28, 2026
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
Moderate
CVE-2026-28208
was published
for
com.github.junrar:junrar
(Maven)
Feb 27, 2026
ProTip!
Advisories are also available from the
GraphQL API