Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

164,179 advisories

Loading
n8n: Webhook Forgery on Github Webhook Trigger Moderate
CVE-2026-56357 was published for n8n (npm) Feb 26, 2026
simonkoeck Credited to simonkoeck
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps() Moderate
CVE-2026-54911 was published for ujson (pip) Jun 19, 2026
Zwique Credited to Zwique, bwoodsend, and hugovk bwoodsend bwoodsend
hugovk hugovk
WebOb: Location header normalization during redirect leads to open redirect - again Moderate
CVE-2026-44889 was published for webob (pip) Jun 4, 2026
ac0d3r Credited to ac0d3r and Lyutoon Lyutoon Lyutoon
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields Moderate
CVE-2026-48067 was published for filament/actions (Composer) Jun 11, 2026
baradika Credited to baradika and danharrin danharrin danharrin
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization Moderate
CVE-2026-44311 was published for fabric (npm) Jun 12, 2026
Astro: XSS via Unescaped Attribute Names in Spread Props Moderate
CVE-2026-54298 was published for astro (npm) Jun 16, 2026
Texuguinho1234 Credited to Texuguinho1234
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config Moderate
CVE-2026-54300 was published for @astrojs/netlify (npm) Jun 16, 2026
DavidCarliez Credited to DavidCarliez
ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider Moderate
CVE-2026-56664 was published for github.com/zitadel/zitadel (Go) Jun 18, 2026
Android-Login-Analysis Credited to Android-Login-Analysis, livio-a, and IAM-marco livio-a livio-a
IAM-marco IAM-marco
katello: missing repository authorization in content_uploads exposes cross-product content existence Moderate
CVE-2026-12515 was published for katello (RubyGems) Jun 17, 2026
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds Moderate
CVE-2024-45594 was published for decidim-meetings (RubyGems) Nov 13, 2024
whotwagner Credited to whotwagner
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function... Moderate Unreviewed
CVE-2026-16084 was published Jul 18, 2026
Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication Moderate
CVE-2026-54246 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
ProTip! Advisories are also available from the GraphQL API