GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Low
CVE-2026-27942
was published
for
fast-xml-parser
(npm)
Feb 26, 2026
Keycloak logs sensitive headers
Moderate
CVE-2025-11537
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Feb 10, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate
CVE-2025-14559
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
Low
CVE-2025-14082
was published
for
org.keycloak:keycloak-services
(Maven)
Dec 10, 2025
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate
GHSA-xmcw-mv9p-7pq2
was published
for
org.keycloak:keycloak-account-ui
(Maven)
Sep 5, 2025
•
withdrawn
DOMPurify allows Cross-site Scripting (XSS)
Moderate
CVE-2025-26791
was published
for
dompurify
(npm)
Feb 14, 2025
ProTip!
Advisories are also available from the
GraphQL API