GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
High
GHSA-4f9j-vr4p-642r
was published
for
@budibase/backend-core
(npm)
Apr 24, 2026
go-git: Credential leak via cross-host redirect in smart HTTP transport
Moderate
CVE-2026-41506
was published
for
github.com/go-git/go-git/v5
(Go)
Apr 17, 2026
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Critical
CVE-2026-41428
was published
for
@budibase/backend-core
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API