GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,224 advisories

NocoDB: OAuth Tokens Persist Through Security Events Moderate
GHSA-g72g-r7m4-9x4g was published for nocodb (npm) Jun 5, 2026
Credited to bugbunny-research
NocoDB: OAuth Authorization Code Race Condition Moderate
CVE-2026-47386 was published for nocodb (npm) Jun 5, 2026
NocoDB: Path Traversal via SQLite Source Filename Moderate
CVE-2026-47385 was published for nocodb (npm) Jun 5, 2026
Credited to Mouhebbenelwafi
NocoDB: SQL Injection via Column Title in Bulk GroupBy Moderate
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
Credited to geo-chen
NocoDB: Server-Side Request Forgery via Database Connection Host Moderate
CVE-2026-47382 was published for nocodb (npm) Jun 5, 2026
Credited to helwor-01
NocoDB: Cross-Workspace Integration Use in Connection Test Moderate
CVE-2026-47381 was published for nocodb (npm) Jun 5, 2026
Credited to DongyangLyu
NocoDB: Plaintext Password Comparison in Shared Views Moderate
CVE-2026-47379 was published for nocodb (npm) Jun 5, 2026
Credited to Proscan-one
NocoDB: Hidden Column Exposure in Public Shared View Endpoints Moderate
CVE-2026-47378 was published for nocodb (npm) Jun 5, 2026
Credited to 0xBassia
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin Moderate
CVE-2026-47377 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
NocoDB: Reflected Cross-Site Scripting via Password Reset Token Moderate
CVE-2026-47376 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` Moderate
CVE-2026-47375 was published for nocodb (npm) Jun 5, 2026
Credited to leduckhuong
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints Moderate
CVE-2026-47279 was published for nocodb (npm) Jun 5, 2026
Credited to leduckhuong
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
Credited to yotampe-pluto
Credited to Rootingg
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 Moderate
CVE-2026-47674 was published for hono (npm) Jun 4, 2026
Credited to offset and 0xEr3n
Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection Moderate
CVE-2026-47675 was published for hono (npm) Jun 4, 2026
Credited to offset and 0xEr3n
Hono: JWT middleware accepts any Authorization scheme, not only Bearer Moderate
CVE-2026-47673 was published for hono (npm) Jun 4, 2026
Credited to SQU4NCH
React Router has stored XSS via unescaped Location header in prerendered redirect HTML Moderate
CVE-2026-33244 was published for react-router (npm) Jun 3, 2026
Credited to yuito-it
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Credited to flavorjones and jasnow
Summarize contains a missing authorization vulnerability Moderate
CVE-2026-45243 was published for @steipete/summarize (npm) May 18, 2026
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers Moderate
CVE-2026-47248 was published for parse-server (npm) May 29, 2026
Credited to offset and mtrezza
NodeVM observability builtins leak host process and HTTP request data Moderate
CVE-2026-47141 was published for vm2 (npm) May 29, 2026
Credited to spbavarva
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata Moderate
CVE-2026-8814 was published for exifreader (npm) May 29, 2026
Credited to yuki-matsuhashi
ProTip! Advisories are also available from the GraphQL API