Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization Moderate
CVE-2026-0707 was published for org.keycloak:keycloak-parent (Maven) Jan 8, 2026
Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants High
CVE-2026-4636 was published for org.keycloak:keycloak-services (Maven) Apr 2, 2026
Authorization bypass in Quarkus High
CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) Dec 9, 2023
cescoffier Credited to cescoffier
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources High
CVE-2021-28165 was published for org.eclipse.jetty:jetty-server (Maven) Apr 6, 2021
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis Credited to Blaklis
Authorization Before Parsing and Canonicalization in jetty Moderate
CVE-2021-28164 was published for org.eclipse.jetty:jetty-webapp (Maven) Apr 6, 2021
charlesk40 Credited to charlesk40
Encoded URIs can access WEB-INF directory in Eclipse Jetty Moderate
CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) Jul 19, 2021
cangqingzhe Credited to cangqingzhe and lachlan-roberts lachlan-roberts lachlan-roberts
ProTip! Advisories are also available from the GraphQL API