Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

164,150 advisories

Loading
Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication Moderate
CVE-2026-54246 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
PocketSphinx: Buffer overflows in language and acoustic model loading code Moderate
CVE-2026-54559 was published for pocketsphinx (pip) Jul 17, 2026
damseleng Credited to damseleng
AngleSharp HTML5 Spec Compliance: mXSS via annotation-xml HTML Integration Point Bypass Moderate
CVE-2026-54570 was published for AngleSharp (NuGet) Jul 17, 2026
internetpestcontrol Credited to internetpestcontrol
Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration Moderate
CVE-2026-40966 was published for org.springframework.ai:spring-ai-advisors-vector-store (Maven) Apr 28, 2026
Seol-JY Credited to Seol-JY
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured Moderate
CVE-2026-22751 was published for org.springframework.security:spring-security-core (Maven) Apr 21, 2026
Seol-JY Credited to Seol-JY
x0root Credited to x0root
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes Moderate
CVE-2026-53496 was published for exifreader (npm) Jul 17, 2026
YHalo-wyh Credited to YHalo-wyh
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath Moderate
CVE-2026-54561 was published for mcp-memory-keeper (npm) Jul 17, 2026
mcfly-zzh Credited to mcfly-zzh
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration Moderate
GHSA-cvpc-hccg-wmw4 was published for verbb/formie (Composer) Jul 17, 2026
chaitanyagarware Credited to chaitanyagarware
tonghuaroot Credited to tonghuaroot
plone.restapi: Stored XSS by spoofing mime type Moderate
GHSA-8rqh-vxpr-x77p was published for plone.restapi (pip) Jul 17, 2026
gyst Credited to gyst
plone.app.textfield: Stored XSS by spoofing mime type Moderate
CVE-2026-54503 was published for plone.app.textfield (pip) Jul 17, 2026
gyst Credited to gyst
ProTip! Advisories are also available from the GraphQL API