Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Keycloak: Session fixation in OIDC login flow that can lead to account takeover High
CVE-2026-7507 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation Critical
CVE-2026-27478 was published for io.unitycatalog:unitycatalog-server (Maven) May 11, 2026
lukas-reining Credited to lukas-reining
Openfire has potential identity spoofing issue via unsafe CN parsing Moderate
CVE-2025-59154 was published for org.igniterealtime.openfire:xmppserver (Maven) Sep 16, 2025
onmywaytoheaven Credited to onmywaytoheaven
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server High
CVE-2024-51504 was published for org.apache.zookeeper:zookeeper (Maven) Nov 7, 2024
ferdlestier Credited to ferdlestier
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Apache SeaTunnel Web Authentication vulnerability High
CVE-2023-48396 was published for org.apache.seatunnel:seatunnel-web (Maven) Jul 30, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability High
CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty Credited to W0rty, numacanedo, tomakehurst, Mahoney, and oleg-nenashev numacanedo numacanedo
tomakehurst tomakehurst Mahoney Mahoney oleg-nenashev oleg-nenashev
Authentication Bypass in Apache Cassandra High
CVE-2020-17516 was published for org.apache.cassandra:cassandra-all (Maven) Feb 9, 2022
HTTP Method Spoofing High
CVE-2021-43807 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
lkiesow Credited to lkiesow
Authentication Bypass High
CVE-2021-29441 was published for com.alibaba.nacos:nacos-common (Maven) Apr 27, 2021
ProTip! Advisories are also available from the GraphQL API