GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,099 advisories
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Moderate
GHSA-jx2w-vp7f-456q
was published
for
io.quarkiverse.openapi.generator:quarkus-openapi-generator
(Maven)
Apr 8, 2026
Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Moderate
CVE-2026-35583
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
Emissary has Stored XSS via Navigation Template Link Injection
Moderate
CVE-2026-35571
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 7, 2026
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
Moderate
CVE-2026-34237
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Mar 30, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
Moderate
CVE-2026-32948
was published
for
org.scala-sbt:sbt
(Maven)
Mar 24, 2026
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
Moderate
CVE-2026-3429
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 11, 2026
ProTip!
Advisories are also available from the
GraphQL API