GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
390 advisories
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Low
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat
(Maven)
Dec 17, 2024
Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
Low
CVE-2026-42578
was published
for
io.netty:netty-handler-proxy
(Maven)
May 7, 2026
Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
Low
CVE-2026-44242
was published
for
io.micronaut:micronaut-inject
(Maven)
May 6, 2026
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Low
CVE-2025-61795
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 27, 2025
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Low
CVE-2025-55754
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 27, 2025
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Low
CVE-2026-42188
was published
for
org.geysermc.geyser:core
(Maven)
May 5, 2026
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Low
CVE-2025-11143
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Mar 5, 2026
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
Low
CVE-2026-4874
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 26, 2026
Keycloak's identity-first login flow exposes user information
Low
CVE-2026-4633
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 23, 2026
ProTip!
Advisories are also available from the
GraphQL API