Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,044
Maven
5,000+
npm
4,782
NuGet
825
pip
4,382
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

6,269 advisories

Loading
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm Critical
CVE-2026-23552 was published for org.apache.camel:camel-keycloak (Maven) Feb 23, 2026
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol Low
CVE-2026-2733 was published for org.keycloak:keycloak-services (Maven) Feb 19, 2026
mingSoft MCMS does not properly restrict file uploads Low
CVE-2026-2666 was published for net.mingsoft:ms-mcms (Maven) Feb 18, 2026
Jenkins has a build information disclosure vulnerability through Run Parameter Moderate
CVE-2026-27100 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs Credited to Bruceliu-rs
Jenkins has a stored XSS vulnerability in node offline cause description High
CVE-2026-27099 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026
Bruceliu-rs Credited to Bruceliu-rs
Apache Tomcat - Client certificate verification bypass Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Apache Tomcat - Security constraint bypass with HTTP/0.9 Low
CVE-2026-24733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates High
CVE-2026-25903 was published for org.apache.nifi:nifi-web-api (Maven) Feb 17, 2026
Wildfly Elytron integration susceptible to brute force attacks via CLI High
CVE-2025-23368 was published for org.wildfly.core:wildfly-elytron-integration (Maven) Feb 13, 2026
Apache Avro Java SDK is Vulnerable to Code Injection Moderate
CVE-2025-33042 was published for org.apache.avro:avro-compiler (Maven) Feb 13, 2026
levpachmanov Credited to levpachmanov
XWiki vulnerable to click-jacking through CSS injection in comments Moderate
CVE-2026-26000 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 12, 2026
keechy1231 Credited to keechy1231
Leaky JWTs in OpenMetadata exposing highly-privileged bot users High
CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
amfor Credited to amfor
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability Low
CVE-2026-23901 was published for org.apache.shiro:shiro-core (Maven) Feb 10, 2026
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
Apache Druid Vulnerable to Authentication Bypass Critical
CVE-2026-23906 was published for org.apache.druid.extensions:druid-basic-security (Maven) Feb 10, 2026
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService Moderate
CVE-2025-14778 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens High
CVE-2026-1486 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Apache Shiro has an Authentication Bypass Moderate
CVE-2026-23903 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2026
saivarun3407 Credited to saivarun3407
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
Neo4j Enterprise and Community vulnerable to a potential information disclosure Moderate
CVE-2026-1622 was published for org.neo4j:neo4j (Maven) Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database