GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6,388 advisories
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
High
CVE-2026-49143
was published
for
browserstack-runner
(npm)
Jun 3, 2026
Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
High
CVE-2026-44486
was published
for
axios
(npm)
Jun 4, 2026
Allocation of Resources Without Limits or Throttling in Axios
High
CVE-2026-44488
was published
for
axios
(npm)
Jun 4, 2026
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
High
CVE-2026-45337
was published
for
better-auth
(npm)
Jun 4, 2026
React Router vulnerable to Denial of Service via reflected user input in single-fetch
High
CVE-2026-34077
was published
for
react-router
(npm)
Jun 4, 2026
Hono: JWT middleware accepts any Authorization scheme, not only Bearer
Moderate
CVE-2026-47673
was published
for
hono
(npm)
Jun 4, 2026
Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
Moderate
CVE-2026-47675
was published
for
hono
(npm)
Jun 4, 2026
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Moderate
CVE-2026-47674
was published
for
hono
(npm)
Jun 4, 2026
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Moderate
CVE-2026-47676
was published
for
hono
(npm)
Jun 4, 2026
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
Moderate
CVE-2026-47250
was published
for
mcp-server-kubernetes
(npm)
Jun 5, 2026
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Moderate
CVE-2026-47279
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Moderate
CVE-2026-47375
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Reflected Cross-Site Scripting via Password Reset Token
Moderate
CVE-2026-47376
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Moderate
CVE-2026-47377
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
Moderate
CVE-2026-47378
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Plaintext Password Comparison in Shared Views
Moderate
CVE-2026-47379
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: User Enumeration via Sign-In Timing
Low
CVE-2026-47380
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Cross-Workspace Integration Use in Connection Test
Moderate
CVE-2026-47381
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Server-Side Request Forgery via Database Connection Host
Moderate
CVE-2026-47382
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Stored Cross-Site Scripting via Row Comments
High
CVE-2026-47383
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Moderate
CVE-2026-47384
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Path Traversal via SQLite Source Filename
Moderate
CVE-2026-47385
was published
for
nocodb
(npm)
Jun 5, 2026
ProTip!
Advisories are also available from the
GraphQL API