Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

347,788 advisories

Loading
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation Low
CVE-2026-4874 was published for org.keycloak:keycloak-services (Maven) Mar 26, 2026
krapovneru Credited to krapovneru, dnegreira, and ahus1 dnegreira dnegreira
ahus1 ahus1
MantisBT: Stored XSS in print_all_bug_page_word.php High
CVE-2026-62944 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dracosectech-code Credited to dracosectech-code and dregad dregad dregad
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs Moderate
CVE-2026-52883 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
byteoverride Credited to byteoverride and dregad dregad dregad
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator Critical
CVE-2026-47156 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay, dregad, tyage, voraci0us, and chndlrx dregad dregad
tyage tyage voraci0us voraci0us chndlrx chndlrx
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters Moderate
CVE-2026-52882 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dregad Credited to dregad
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim Low
CVE-2026-37977 was published for org.keycloak:keycloak-services (Maven) Apr 6, 2026
ahus1 Credited to ahus1
MantisBT: Reflected XSS in admin/install.php via unescaped printf Critical
CVE-2026-52881 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay and dregad dregad dregad
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File... Critical Unreviewed
CVE-2026-46817 was published May 28, 2026
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability High
CVE-2026-0621 was published for @modelcontextprotocol/sdk (npm) Jan 5, 2026
Clashsoft Credited to Clashsoft and albertabiev1 albertabiev1 albertabiev1
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure... Moderate Unreviewed
CVE-2026-56087 was published Jul 15, 2026
ProTip! Advisories are also available from the GraphQL API