
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

67 advisories

canto-saas-api: OAuth credentials exposed in URL query string and exception messages Moderate
CVE-2026-55375 was published for jleehr/canto-saas-api (Composer) Jun 19, 2026
Credited to jleehr
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs) Moderate
CVE-2026-47768 was published for github.com/juev/nebula-mesh (Go) Jun 10, 2026
Credited to ak2k
Portainer: JWT accepted in URL query leaks tokens to logs and referers High
CVE-2026-44883 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to scanpwn
AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover Moderate
CVE-2026-43875 was published for wwbn/avideo (Composer) May 5, 2026
Credited to offset
Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings High
CVE-2026-34020 was published for org.apache.openmeetings:openmeetings-parent (Maven) Apr 9, 2026
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback Low
CVE-2026-34969 was published for github.com/nhost/nhost (Go) Apr 1, 2026
Credited to 0xkakash1
openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage Moderate
GHSA-4rh7-jwg9-m28m was published for openssl-encrypt (pip) Apr 1, 2026
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems Moderate
CVE-2026-33620 was published for github.com/pinchtab/pinchtab (Go) Mar 24, 2026
Credited to mean3374
Gogs: Access tokens get exposed through URL params in API requests Moderate
CVE-2026-26196 was published for gogs.io/gogs (Go) Mar 5, 2026
Credited to rezmoss