Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates Moderate
CVE-2026-47838 was published for org.springframework.security:spring-security-web (Maven) Jun 10, 2026
marcelstoer Credited to marcelstoer and julianladisch julianladisch julianladisch
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header Moderate
CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
julianladisch Credited to julianladisch
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth Moderate
CVE-2026-6860 was published for io.vertx:vertx-core (Maven) May 9, 2026
shblue21 Credited to shblue21, Preethi-30, and julianladisch Preethi-30 Preethi-30
julianladisch julianladisch
Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided Low
GHSA-qmq6-f8pr-cx5x was published for uuid (npm) Apr 23, 2026 withdrawn
julianladisch Credited to julianladisch
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided Moderate
CVE-2026-41907 was published for uuid (npm) Apr 22, 2026
0xStraw-Hat Credited to 0xStraw-Hat, frattaro, julianladisch, uniabis, c-harding, milenkotomic, jwasnoggin, and mhassan1 frattaro frattaro
julianladisch julianladisch uniabis uniabis c-harding c-harding milenkotomic milenkotomic jwasnoggin jwasnoggin mhassan1 mhassan1
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests Moderate
CVE-2026-3260 was published for io.undertow:undertow-core (Maven) Mar 24, 2026
julianladisch Credited to julianladisch
Keycloak's identity-first login flow exposes user information Low
CVE-2026-4633 was published for org.keycloak:keycloak-services (Maven) Mar 23, 2026
dnegreira Credited to dnegreira and julianladisch julianladisch julianladisch
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder Low
CVE-2026-27942 was published for fast-xml-parser (npm) Feb 26, 2026
julianladisch Credited to julianladisch
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
julianladisch Credited to julianladisch and eminaktas eminaktas eminaktas
Keycloak services allows the issuance of access and refresh tokens for disabled users Moderate
CVE-2025-14559 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
julianladisch Credited to julianladisch and eminaktas eminaktas eminaktas
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions Low
CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven) Dec 10, 2025
julianladisch Credited to julianladisch
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 withdrawn
julianladisch Credited to julianladisch
DOMPurify allows Cross-site Scripting (XSS) Moderate
CVE-2025-26791 was published for dompurify (npm) Feb 14, 2025
julianladisch Credited to julianladisch
Remote Code Execution in Gogs High
CVE-2024-44625 was published for gogs.io/gogs (Go) Nov 15, 2024
julianladisch Credited to julianladisch
ProTip! Advisories are also available from the GraphQL API