GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,778 advisories

Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) Moderate
CVE-2025-7784 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025
Keycloak phishing attack via email verification step in first login flow Moderate
CVE-2025-7365 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) Moderate
GHSA-83j7-mhw9-388w was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025 withdrawn
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate
CVE-2024-10032 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications Moderate
CVE-2024-10031 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate
CVE-2024-9343 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts Moderate
CVE-2024-9342 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console Moderate
CVE-2024-10029 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025
Reactor Netty HTTP is vulnerable to credential leaks during chained redirects Moderate
CVE-2025-22227 was published for io.projectreactor.netty:reactor-netty-http (Maven) Jul 16, 2025
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
MMilosz kshepherd
DSpace is vulnerable to XML External Entity injection during archive imports Moderate
CVE-2025-53621 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
superpegaso2703 kshepherd
tdonohue
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged Moderate
CVE-2025-48795 was published for org.apache.cxf:cxf-core (Maven) Jul 15, 2025
pavelarnost
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs Moderate
CVE-2025-48924 was published for commons-lang:commons-lang (Maven) Jul 11, 2025
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON Moderate
CVE-2025-53864 was published for com.nimbusds:nimbus-jose-jwt (Maven) Jul 11, 2025
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector Moderate
CVE-2025-52434 was published for org.apache.tomcat:tomcat-util (Maven) Jul 10, 2025
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits Moderate
CVE-2025-52520 was published for org.apache.tomcat:tomcat-catalina (Maven) Jul 10, 2025
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow Moderate
GHSA-gj52-35xm-gxjh was published for org.keycloak:keycloak-services (Maven) Jul 10, 2025 withdrawn
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form Moderate
CVE-2025-53743 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token Moderate
CVE-2025-53677 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users Moderate
CVE-2025-53675 was published for org.jenkins-ci.plugins:warrior (Maven) Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users Moderate
CVE-2025-53742 was published for org.jenkins-ci.plugins:pplitools-eyes (Maven) Jul 9, 2025