GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,089 advisories
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Moderate
CVE-2025-13467
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Dec 19, 2025
Apache Log4j does not verify the TLS hostname in its Socket Appender
Moderate
CVE-2025-68161
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate
CVE-2025-68113
was published
for
altcha
(RubyGems)
Dec 16, 2025
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Moderate
CVE-2025-67735
was published
for
io.netty:netty-codec-http
(Maven)
Dec 15, 2025
Improper Memory Cleanup in the Okta Java SDK
Moderate
CVE-2025-66033
was published
for
com.okta.sdk:okta-sdk-root
(Maven)
Dec 10, 2025
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
Moderate
CVE-2025-66472
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Dec 10, 2025
Central Dogma's Login Function Has an Open Redirect Vulnerability
Moderate
CVE-2025-11222
was published
for
com.linecorp.centraldogma:centraldogma-server-auth-shiro
(Maven)
Dec 4, 2025
ProTip!
Advisories are also available from the
GraphQL API