Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

4,938 advisories

jackson-dataformat-xml vulnerable to XML external entity (XXE) Critical
CVE-2016-3720 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
OrientDB-Server vulnerable to Cross-Site Request Forgery High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request Critical
CVE-2016-4800 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Keycloak vulnerable to infinite loop based Denial of Service High
CVE-2017-2646 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue High
GHSA-q2fj-6h62-59m2 was published for io.apiman:apiman-distro-vertx (Maven) Dec 30, 2022
Keycloak is vulnerable to IDN homograph attack Low
GHSA-mwm4-5qwr-g9pf was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
klausenbusk kurt-r2c
Reflected XSS on clients-registrations endpoint Moderate
GHSA-m98g-63qj-fp8j was published for org.keycloak:keycloak-parent (Maven) Apr 28, 2022
ProTip! Advisories are also available from the GraphQL API