Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

103 advisories

Loading
LucyEgan Credited to LucyEgan
SurrealDB has unauthenticated remote DoS via malformed RPC `use` call High
GHSA-wjjj-24cx-f28g was published for surrealdb (Rust) Jul 1, 2026
protobufjs : Schema-derived names can shadow runtime-significant properties Moderate
CVE-2026-54269 was published for protobufjs (npm) Jun 15, 2026
acorn421 Credited to acorn421 and dcodeIO dcodeIO dcodeIO
Mattermost doesn't filter nil elements from outgoing webhook attachment payloads before processing Moderate
CVE-2026-4915 was published for github.com/mattermost/mattermost-server (Go) May 26, 2026
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads High
CVE-2026-45678 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias, grcevski, and rafaelroquetto grcevski grcevski
rafaelroquetto rafaelroquetto
Mattermost doesn't validate the response body of proxied images Moderate
CVE-2026-4054 was published for github.com/mattermost/mattermost-server (Go) May 15, 2026
LinZiyuu Credited to LinZiyuu
LinZiyuu Credited to LinZiyuu
LinZiyuu Credited to LinZiyuu
LinZiyuu Credited to LinZiyuu
net-imap vulnerable to STARTTLS stripping via invalid response timing High
CVE-2026-42246 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
Clerk has an authorization bypass when combining organization, billing, or reverification checks High
CVE-2026-42349 was published for @clerk/astro (npm) Apr 30, 2026
Admidio Missing Minimum Administrator Check in Role Membership Removal Moderate
CVE-2026-41662 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
uutils coreutils has an Improper Check for Unusual or Exceptional Conditions Moderate
CVE-2026-35366 was published for coreutils (Rust) Apr 22, 2026
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation Moderate
CVE-2026-40343 was published for github.com/free5gc/udr (Go) Apr 21, 2026
Giancannella Credited to Giancannella
Giancannella Credited to Giancannella and FrancescoDAlterio FrancescoDAlterio FrancescoDAlterio
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts High
CVE-2026-40069 was published for bsv-sdk (RubyGems) Apr 9, 2026
sgbett Credited to sgbett
Cosign's verify-blob-attestation reports false positive when payload parsing fails Moderate
CVE-2026-39395 was published for github.com/sigstore/cosign (Go) Apr 8, 2026
kodareef5 Credited to kodareef5
OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open) Low
CVE-2026-41377 was published for openclaw (npm) Apr 2, 2026
davidluzsilva Credited to davidluzsilva
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation High
CVE-2026-33939 was published for handlebars (npm) Mar 27, 2026
trace37labs Credited to trace37labs
Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds Moderate
CVE-2026-20719 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 25, 2026
@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling Low
GHSA-8g29-8xwr-qmhr was published for @grackle-ai/server (npm) Mar 25, 2026
socket.io allows an unbounded number of binary attachments High
CVE-2026-33151 was published for socket.io-parser (npm) Mar 18, 2026
x4cc3 Credited to x4cc3 and darrachequesne darrachequesne darrachequesne
ProTip! Advisories are also available from the GraphQL API