GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

553 advisories

Credited to LucyEgan
SurrealDB has unauthenticated remote DoS via malformed RPC `use` call High
GHSA-wjjj-24cx-f28g was published for surrealdb (Rust) Jul 1, 2026
protobufjs: Schema-derived names can shadow runtime-significant properties Moderate
CVE-2026-54269 was published for protobufjs (npm) Jun 15, 2026
Credited to acorn421 and dcodeIO
Mattermost doesn't filter nil elements from outgoing webhook attachment payloads before processing Moderate
CVE-2026-4915 was published for github.com/mattermost/mattermost-server (Go) May 26, 2026
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads High
CVE-2026-45678 was published for go.opentelemetry.io/obi (Go) May 18, 2026
Credited to MrAlias, grcevski, and rafaelroquetto
Mattermost doesn't validate the response body of proxied images Moderate
CVE-2026-4054 was published for github.com/mattermost/mattermost-server (Go) May 15, 2026
Credited to LinZiyuu
net-imap vulnerable to STARTTLS stripping via invalid response timing High
CVE-2026-42246 was published for net-imap (RubyGems) May 4, 2026
Credited to Masamuneee
Clerk has an authorization bypass when combining organization, billing, or reverification checks High
CVE-2026-42349 was published for @clerk/astro (npm) Apr 30, 2026
ProTip! Advisories are also available from the GraphQL API