GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,214 advisories
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Low
CVE-2025-22151
was published
for
strawberry-graphql
(pip)
Jan 9, 2025
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Low
CVE-2025-22149
was published
for
github.com/MicahParks/jwkset
(Go)
Jan 9, 2025
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low
CVE-2024-56512
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 28, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
Keycloak Denial of Service via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Duplicate Advisory: Keycloak DoS via account lockout
Low
GHSA-3hrr-xwvg-hxvr
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
•
withdrawn
Keycloak's improper input validation allows using email as username
Low
CVE-2021-3754
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
ProTip!
Advisories are also available from the
GraphQL API