GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6,345 advisories
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Critical
CVE-2026-25526
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Feb 3, 2026
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
Low
CVE-2025-13881
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 2, 2026
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
High
CVE-2024-4027
was published
for
io.undertow:undertow-core
(Maven)
Jan 30, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
High
CVE-2026-24400
was published
for
org.assertj:assertj-core
(Maven)
Jan 26, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate
CVE-2026-24128
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jan 23, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate
CVE-2025-14559
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API