Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

164,136 advisories

Loading
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes Moderate
CVE-2026-53496 was published for exifreader (npm) Jul 17, 2026
YHalo-wyh Credited to YHalo-wyh
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath Moderate
CVE-2026-54561 was published for mcp-memory-keeper (npm) Jul 17, 2026
mcfly-zzh Credited to mcfly-zzh
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration Moderate
GHSA-cvpc-hccg-wmw4 was published for verbb/formie (Composer) Jul 17, 2026
chaitanyagarware Credited to chaitanyagarware
tonghuaroot Credited to tonghuaroot
plone.restapi: Stored XSS by spoofing mime type Moderate
GHSA-8rqh-vxpr-x77p was published for plone.restapi (pip) Jul 17, 2026
gyst Credited to gyst
plone.app.textfield: Stored XSS by spoofing mime type Moderate
CVE-2026-54503 was published for plone.app.textfield (pip) Jul 17, 2026
gyst Credited to gyst
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows... Moderate Unreviewed
CVE-2026-63096 was published Jul 17, 2026
Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS Moderate
CVE-2026-54247 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
vLLM: Speech-to-text upload size limit is enforced after full UploadFile read Moderate
CVE-2026-55646 was published for vllm (pip) Jul 17, 2026
rexpository Credited to rexpository and jperezdealgaba jperezdealgaba jperezdealgaba
kexinoh Credited to kexinoh, russellb, DarkLight1337, and Isotr0py russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py
ProTip! Advisories are also available from the GraphQL API