GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
39 advisories
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching
Moderate
CVE-2026-25542
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Moderate
CVE-2026-39350
was published
for
istio.io/istio
(Go)
Apr 16, 2026
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
High
GHSA-jccr-rrw2-vc8h
was published
for
openclaw
(npm)
Mar 31, 2026
SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
High
CVE-2026-33418
was published
for
@dicebear/converter
(npm)
Mar 20, 2026
league/commonmark has an embed extension allowed_domains bypass
Moderate
CVE-2026-33347
was published
for
league/commonmark
(Composer)
Mar 19, 2026
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Moderate
CVE-2026-3419
was published
for
fastify
(npm)
Mar 5, 2026
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Critical
CVE-2026-25896
was published
for
fast-xml-parser
(npm)
Feb 20, 2026
Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Moderate
CVE-2026-25479
was published
for
litestar
(pip)
Feb 9, 2026
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Moderate
CVE-2026-24398
was published
for
hono
(npm)
Jan 27, 2026
FastAPI Guard has a regex bypass
High
CVE-2025-54365
was published
for
fastapi-guard
(pip)
Jul 23, 2025
parse-uri Regular expression Denial of Service (ReDoS)
Moderate
CVE-2024-36751
was published
for
parse-uri
(npm)
Jan 16, 2025
Incorrect default pattern in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2288
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API