GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

31 advisories

OpenAM OAuth Authorization Bypass via PKCE Challenge
Moderate: CVE-2026-48717 was published for org.openidentityplatform.openam:openam-oauth2 (Maven), Jun 29, 2026

OpenAM OAuth Client Impersonation via JWKS Resolver Cache
High: CVE-2026-47426 was published for org.openidentityplatform.openam:openam-oauth2 (Maven), Jun 29, 2026

OpenAM Authenticated RCE via Groovy Sandbox Escape
High: CVE-2026-47424 was published for org.openidentityplatform.openam:openam-scripting (Maven), Jun 29, 2026

OpenAM Account Takeover via Unverified Password Change in OAuth2 Module
High: CVE-2026-46623 was published for org.openidentityplatform.openam:openam-auth-oauth2 (Maven), Jun 26, 2026

OpenAM Authentication Bypass via MSISDN LDAP Injection
High: CVE-2026-46619 was published for org.openidentityplatform.openam:openam-auth-msisdn (Maven), Jun 26, 2026

OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
High: CVE-2026-46560 was published for org.openidentityplatform.openam:openam-radius (Maven), Jun 25, 2026

OpenAM Arbitrary OAuth Token Minting via Push Registration
High: CVE-2026-46498 was published for org.openidentityplatform.openam:openam-oauth2 (Maven), Jun 25, 2026

OpenAM has Unsafe Java Deserialization via SNS
High: CVE-2026-45794 was published for org.openidentityplatform.openam:openam-push-notification (Maven), Jun 25, 2026

OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
Critical: CVE-2026-45052 was published for org.openidentityplatform.openam:openam-federation-library (Maven), Jun 24, 2026

OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
Critical: CVE-2026-45051 was published for org.openidentityplatform.openam:openam-auth-webauthn (Maven), Jun 24, 2026

OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet
High: CVE-2026-45049 was published for org.openidentityplatform.openam:openam-federation (Maven), Jun 23, 2026

OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
High: CVE-2026-45048 was published for org.openidentityplatform.openam:openam-core (Maven), Jun 23, 2026

OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
Critical: CVE-2026-46495 was published for org.openidentityplatform.opendj:opendj-server-legacy (Maven), Jun 22, 2026

OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
Critical: CVE-2026-44203 was published for org.openidentityplatform.openam:openam-oauth2 (Maven), Jun 22, 2026

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine
High: GHSA-mggx-p7jf-jgw4 was published for org.jdbi:jdbi3-freemarker (Maven), May 5, 2026

Fiber vulnerable to XSS in AutoFormat Content Negotiation
Moderate: CVE-2026-42554 was published for github.com/gofiber/fiber/v2 (Go), May 5, 2026

Fiber has an Arbitrary File Read in Static Middleware on Windows
High: CVE-2026-25891 was published for github.com/gofiber/fiber/v3 (Go), Feb 24, 2026

FUXA Unauthenticated Remote Arbitrary Scheduler Write
Critical: CVE-2026-25939 was published for fuxa-server (npm), Feb 10, 2026

FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Critical: CVE-2026-25938 was published for fuxa-server (npm), Feb 10, 2026

FUXA Unauthenticated Remote Arbitrary Device Tag Write
Critical: CVE-2026-25752 was published for fuxa-server (npm), Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
Critical: CVE-2026-25895 was published for fuxa-server (npm), Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical: CVE-2026-25894 was published for fuxa-server (npm), Feb 5, 2026

FUXA Unauthenticated Exposure of Plaintext Database Credentials
Critical: CVE-2026-25751 was published for fuxa-server (npm), Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical: CVE-2026-25893 was published for fuxa-server (npm), Feb 5, 2026

Qwik City Open Redirect via fixTrailingSlash
Low: CVE-2026-25149 was published for @builder.io/qwik-city (npm), Feb 3, 2026

ProTip! Advisories are also available from the GraphQL API