Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,791 advisories

Loading
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-49485 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) Jul 9, 2026
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers Moderate
GHSA-q6gh-6v2r-hjv3 was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS High
GHSA-387m-935m-c4vw was published for io.micronaut:micronaut-http-client (Maven) Jul 9, 2026
sdelamo Credited to sdelamo
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak High
CVE-2026-49464 was published for nl.nl-portal:taak (Maven) Jul 8, 2026
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries Moderate
CVE-2026-49463 was published for nl.nl-portal:besluiten (Maven) Jul 8, 2026
DSpace: Path Traversal is possible through LDN message generation Moderate
CVE-2026-49833 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
DSpace: ORE resource URI does not validate scheme for non-web resources Moderate
CVE-2026-49830 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path Moderate
CVE-2026-49831 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN High
CVE-2026-49832 was published for org.dspace:dspace-api (Maven) Jul 8, 2026
superpegaso2703 Credited to superpegaso2703 and kshepherd kshepherd kshepherd
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+ High
CVE-2026-34151 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 7, 2026
khoaln98 Credited to khoaln98
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export High
GHSA-cgfv-jrfp-2r7v was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
aramosf Credited to aramosf
dyingman1 Credited to dyingman1
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl High
CVE-2026-54641 was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
geo-chen Credited to geo-chen
OpenRemote read-only asset users can write predicted datapoints Moderate
CVE-2026-49439 was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
Hussien-Alzaghateet Credited to Hussien-Alzaghateet
LaunchServer FileServerHandler has an unauthenticated path traversal issue Critical
CVE-2026-54617 was published for pro.gravit.launcher:launchserver-api (Maven) Jul 2, 2026
getclaude Credited to getclaude
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions High
CVE-2026-2092 was published for org.keycloak:keycloak-services (Maven) Jul 2, 2026
1seal Credited to 1seal
OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms High
CVE-2026-53712 was published for com.ongres.scram:scram-client (Maven) Jul 1, 2026
KEIJOT Credited to KEIJOT and jorsol jorsol jorsol
Keycloak has privilege escalation via improper scope mapping enforcement High
CVE-2026-9795 was published for org.keycloak:keycloak-services (Maven) Jul 1, 2026
tonghuaroot Credited to tonghuaroot and jonesbusy jonesbusy jonesbusy
CrateDB's Blob HTTP handler bypasses authorization Low
CVE-2026-49989 was published for io.crate:crate (Maven) Jul 1, 2026
fab1ano Credited to fab1ano and matriv matriv matriv
GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field High
CVE-2026-46487 was published for org.geonetwork-opensource:geonetwork (Maven) Jul 1, 2026
jrdnull Credited to jrdnull and juanluisrp juanluisrp juanluisrp
GeoNetwork has reflected XSS through client-side template injection High
CVE-2026-39379 was published for org.geonetwork-opensource:geonetwork (Maven) Jul 1, 2026
Timonheu Credited to Timonheu, juanluisrp, and jodygarnett juanluisrp juanluisrp
jodygarnett jodygarnett
Sigstore Java has a vulnerability with bundle verification of integratedTime Low
CVE-2026-48791 was published for dev.sigstore:sigstore-java (Maven) Jun 30, 2026
OpenAM OAuth Authorization Bypass via PKCE Challenge Moderate
CVE-2026-48717 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jun 29, 2026
wodzen Credited to wodzen
OpenAM OAuth Client Impersonation via JWKS Resolver Cache High
CVE-2026-47426 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jun 29, 2026
wodzen Credited to wodzen
ProTip! Advisories are also available from the GraphQL API