GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6,424 advisories
Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Moderate
CVE-2026-35583
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
High
CVE-2026-35581
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs
Critical
CVE-2026-35580
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
Emissary has Stored XSS via Navigation Template Link Injection
Moderate
CVE-2026-35571
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 7, 2026
Java-SDK has a DNS Rebinding Vulnerability
High
CVE-2026-35568
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Apr 7, 2026
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
Critical
CVE-2026-33439
was published
for
org.openidentityplatform.openam:openam
(Maven)
Apr 7, 2026
Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition
High
CVE-2026-35554
was published
for
org.apache.kafka:kafka-clients
(Maven)
Apr 7, 2026
Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans
High
CVE-2026-34197
was published
for
org.apache.activemq:activemq-all
(Maven)
Apr 7, 2026
Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers
High
GHSA-2m67-wjpj-xhg9
was published
for
tools.jackson.core:jackson-core
(Maven)
Apr 4, 2026
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
Moderate
CVE-2026-34237
was published
for
io.modelcontextprotocol.sdk:mcp-core
(Maven)
Mar 30, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical
CVE-2026-34361
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.validation
(Maven)
Mar 30, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect
High
CVE-2026-34359
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
ProTip!
Advisories are also available from the
GraphQL API