Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,437
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,695
Pub
13
RubyGems
1,031
Rust
1,222
Swift
53
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Java-SDK has a DNS Rebinding Vulnerability High
CVE-2026-35568 was published for io.modelcontextprotocol.sdk:mcp-core (Maven) Apr 7, 2026
JLLeitschuh Credited to JLLeitschuh
DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost High
CVE-2026-34742 was published for github.com/modelcontextprotocol/go-sdk (Go) Apr 1, 2026
JLLeitschuh Credited to JLLeitschuh
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode High
CVE-2025-64443 was published for github.com/docker/mcp-gateway (Go) Dec 3, 2025
JLLeitschuh Credited to JLLeitschuh
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default High
CVE-2025-66416 was published for mcp (pip) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate High
CVE-2025-59288 was published for playwright (npm) Oct 14, 2025
JLLeitschuh Credited to JLLeitschuh
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh Credited to JLLeitschuh
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 High
CVE-2023-28465 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 10, 2023
JLLeitschuh Credited to JLLeitschuh
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning securisec securisec
JLLeitschuh JLLeitschuh DmitriyLewen DmitriyLewen yairmzr yairmzr pjfanning pjfanning
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 High
CVE-2022-31159 was published for com.amazonaws:aws-java-sdk-s3 (Maven) Jul 15, 2022
JLLeitschuh Credited to JLLeitschuh
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot High
CVE-2022-27772 was published for org.springframework.boot:spring-boot (Maven) Jul 11, 2022
trgpa Credited to trgpa and JLLeitschuh JLLeitschuh JLLeitschuh
Temporary Directory Hijacking Vulnerability in Keycloak High
CVE-2021-20202 was published for org.keycloak:keycloak-core (Maven) Mar 18, 2022
JLLeitschuh Credited to JLLeitschuh
Cached redirect poisoning via X-Forwarded-Host header High
CVE-2021-29479 was published for io.ratpack:ratpack-core (Maven) Jul 1, 2021
JLLeitschuh Credited to JLLeitschuh
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh Credited to JLLeitschuh and timtebeek timtebeek timtebeek
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh Credited to JLLeitschuh, alex, and orangetw alex alex
orangetw orangetw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database