GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,387 advisories
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
High | CVE-2026-47761 was published for TinyMCE (Composer) | Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
High | CVE-2026-47762 was published for TinyMCE (Composer) | Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
High | CVE-2026-47759 was published for TinyMCE (Composer) | Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
High | CVE-2026-47760 was published for TinyMCE (Composer) | Jun 5, 2026
NocoDB: OAuth Tokens Persist Through Security Events
Moderate | GHSA-g72g-r7m4-9x4g was published for nocodb (npm) | Jun 5, 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
High | CVE-2026-48017 was published for dbgate-api (npm) | Jun 5, 2026
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
High | CVE-2026-47684 was published for @sync-in/server (npm) | Jun 5, 2026
Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical | CVE-2026-47670 was published for dbgate-api (npm) | Jun 5, 2026
DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
Critical | CVE-2026-47669 was published for dbgate (npm) | Jun 5, 2026
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Critical | CVE-2026-47668 was published for dbgate-serve (npm) | Jun 5, 2026
NocoDB: Missing Ownership Check in MCP Attachment Read
Low | CVE-2026-47388 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
High | CVE-2026-47387 was published for nocodb (npm) | Jun 5, 2026
NocoDB: OAuth Authorization Code Race Condition
Moderate | CVE-2026-47386 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Path Traversal via SQLite Source Filename
Moderate | CVE-2026-47385 was published for nocodb (npm) | Jun 5, 2026
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Moderate | CVE-2026-47384 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Stored Cross-Site Scripting via Row Comments
High | CVE-2026-47383 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Server-Side Request Forgery via Database Connection Host
Moderate | CVE-2026-47382 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Cross-Workspace Integration Use in Connection Test
Moderate | CVE-2026-47381 was published for nocodb (npm) | Jun 5, 2026
NocoDB: User Enumeration via Sign-In Timing
Low | CVE-2026-47380 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Plaintext Password Comparison in Shared Views
Moderate | CVE-2026-47379 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
Moderate | CVE-2026-47378 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Moderate | CVE-2026-47377 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Reflected Cross-Site Scripting via Password Reset Token
Moderate | CVE-2026-47376 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Moderate | CVE-2026-47375 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Moderate | CVE-2026-47279 was published for nocodb (npm) | Jun 5, 2026