
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.

9 advisories

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS (High)
CVE-2025-59837 was published for astro (npm) on Oct 28, 2025. Credited to everping and GeneralZero.

PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass) (High)
CVE-2026-44334 was published for praisonai (pip) on May 6, 2026. Credited to everping.

Caddy CVE-2026-30852 Fix Bypass (Moderate)
GHSA-wwhq-w58m-w29c was published for github.com/caddyserver/caddy/v2 (Go) on May 19, 2026. Credited to everping.

PHPSpreadsheet has a patch bypass for CVE-2026-34084 (Critical)
CVE-2026-45034 was published for phpoffice/phpspreadsheet (Composer) on Jun 8, 2026. Credited to everping.

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth (High)
CVE-2026-47701 was published for github.com/open-telemetry/opentelemetry-operator (Go) on Jun 10, 2026. Credited to everping, arminru, jaronoff97, and swiatekm.

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder (Critical)
CVE-2026-44024 was published for fluentd (RubyGems) on Jun 26, 2026. Credited to everping.

Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API (High)
CVE-2026-44025 was published for fluentd (RubyGems) on Jun 26, 2026. Credited to everping.

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` (High)
CVE-2026-44161 was published for fluentd (RubyGems) on Jun 26, 2026. Credited to everping.