GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:

  All reviewed     5,000+
  Composer         5,000+
  Erlang           40
  GitHub Actions   38
  Go               2,831
  Maven            5,000+
  npm              4,462
  NuGet            775
  pip              4,226
  Pub              12
  RubyGems         972
  Rust             1,093
  Swift            47

Unreviewed advisories:

  All unreviewed   5,000+
3,045 advisories
Each entry: advisory title, then severity | CVE | affected package (ecosystem) | publication date.

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
  Moderate | CVE-2025-15104 | nu.validator:validator (Maven) | Jan 16, 2026

Vert.x Web static handler component cache can be manipulated to deny the access to static files
  Moderate | CVE-2026-1002 | io.vertx:vertx-core (Maven) | Jan 15, 2026

Apache Camel camel-neo4j component is vulnerable to cypher injection
  Moderate | CVE-2025-66169 | org.apache.camel:camel-neo4j (Maven) | Jan 14, 2026

Jervis Has a JWT Algorithm Confusion Vulnerability
  Moderate | CVE-2025-68925 | net.gleske:jervis (Maven) | Jan 13, 2026

XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
  Moderate | CVE-2025-65090 | org.xwiki.contrib:macro-fullcalendar-pom (Maven) | Jan 9, 2026

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
  Moderate | CVE-2026-0707 | org.keycloak:keycloak-parent (Maven) | Jan 8, 2026

Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing
  Moderate | CVE-2026-22187 | ome:pom-bio-formats (Maven) | Jan 7, 2026

Bio-Formats has an XML External Entity (XXE) vulnerability
  Moderate | CVE-2026-22186 | ome:pom-bio-formats (Maven) | Jan 7, 2026

Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
  Moderate | CVE-2025-66560 | io.quarkus:quarkus-rest (Maven) | Jan 7, 2026

Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
  Moderate | CVE-2025-68280 | org.apache.sis.core:sis-metadata (Maven) | Jan 5, 2026

Vaadin vulnerable to Cross-site Scripting
  Moderate | CVE-2025-15022 | com.vaadin:vaadin (Maven) | Jan 5, 2026

Apache StreamPipes has Improper Privilege Management issue
  Moderate | CVE-2025-47411 | org.apache.streampipes:streampipes-parent (Maven) | Jan 1, 2026

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
  Moderate | CVE-2025-13467 | org.keycloak:keycloak-ldap-federation (Maven) | Dec 19, 2025

Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
  Moderate | CVE-2025-68384 | org.elasticsearch.plugin:x-pack-security (Maven) | Dec 19, 2025

Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
  Moderate | CVE-2025-68390 | org.elasticsearch.plugin:x-pack-core (Maven) | Dec 19, 2025

Apache Log4j does not verify the TLS hostname in its Socket Appender
  Moderate | CVE-2025-68161 | org.apache.logging.log4j:log4j-core (Maven) | Dec 18, 2025

Amazon S3 Encryption Client for Java has a Key Commitment Issue
  Moderate | CVE-2025-14763 | software.amazon.encryption.s3:amazon-s3-encryption-client-java (Maven) | Dec 18, 2025

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
  Moderate | CVE-2025-68113 | altcha (RubyGems) | Dec 16, 2025

Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
  Moderate | CVE-2025-67735 | io.netty:netty-codec-http (Maven) | Dec 15, 2025

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
  Moderate | CVE-2025-37731 | org.elasticsearch:elasticsearch (Maven) | Dec 15, 2025

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
  Moderate | CVE-2025-14674 | com.aizuda:snail-job (Maven) | Dec 14, 2025

PowerJob has a server-side request forgery vulnerability in PingPongUtils.java
  Moderate | CVE-2025-14518 | tech.powerjob:powerjob-common (Maven) | Dec 11, 2025

Improper Memory Cleanup in the Okta Java SDK
  Moderate | CVE-2025-66033 | com.okta.sdk:okta-sdk-root (Maven) | Dec 10, 2025

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability
  Moderate | CVE-2025-67643 | org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) | Dec 10, 2025

Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
  Moderate | CVE-2025-67642 | com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) | Dec 10, 2025
Advisories are also available from the GraphQL API.