Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

164,177 advisories

Loading
WebOb: Location header normalization during redirect leads to open redirect - again Moderate
CVE-2026-44889 was published for webob (pip) Jun 4, 2026
ac0d3r Credited to ac0d3r and Lyutoon Lyutoon Lyutoon
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields Moderate
CVE-2026-48067 was published for filament/actions (Composer) Jun 11, 2026
baradika Credited to baradika and danharrin danharrin danharrin
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization Moderate
CVE-2026-44311 was published for fabric (npm) Jun 12, 2026
Astro: XSS via Unescaped Attribute Names in Spread Props Moderate
CVE-2026-54298 was published for astro (npm) Jun 16, 2026
Texuguinho1234 Credited to Texuguinho1234
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config Moderate
CVE-2026-54300 was published for @astrojs/netlify (npm) Jun 16, 2026
DavidCarliez Credited to DavidCarliez
ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider Moderate
CVE-2026-56664 was published for github.com/zitadel/zitadel (Go) Jun 18, 2026
Android-Login-Analysis Credited to Android-Login-Analysis, livio-a, and IAM-marco livio-a livio-a
IAM-marco IAM-marco
katello: missing repository authorization in content_uploads exposes cross-product content existence Moderate
CVE-2026-12515 was published for katello (RubyGems) Jun 17, 2026
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds Moderate
CVE-2024-45594 was published for decidim-meetings (RubyGems) Nov 13, 2024
whotwagner Credited to whotwagner
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function... Moderate Unreviewed
CVE-2026-16084 was published Jul 18, 2026
Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication Moderate
CVE-2026-54246 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
ProTip! Advisories are also available from the GraphQL API