GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,821
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Keycloak phishing attack via email verification step in first login flow
Moderate
CVE-2025-7365
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 30, 2025
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
Moderate
GHSA-gj52-35xm-gxjh
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 10, 2025
•
withdrawn
Liferay Portal and Liferay DXP fails to check origin of event messages
Moderate
CVE-2022-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Mar 4, 2022
Apache Knox allows impersonation of users
Moderate
CVE-2017-5646
was published
for
org.apache.knox:gateway-provider-identity-assertion-common
(Maven)
May 13, 2022
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
High
CVE-2024-1249
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Origin Validation Error in Apache NiFi
High
CVE-2017-7667
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Zip4j Origin Validation Error
Moderate
CVE-2023-22899
was published
for
net.lingala.zip4j:zip4j
(Maven)
Jan 10, 2023
ProTip!
Advisories are also available from the
GraphQL API