Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

509 advisories

Loading
NocoDB: Refresh Tokens Persist Through Password Recovery Moderate
CVE-2026-53928 was published for nocodb (npm) Jun 17, 2026
bugbunny-research Credited to bugbunny-research
Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority High
GHSA-wrmq-9fc4-gwwj was published for openclaw (npm) Jun 16, 2026 withdrawn
Daytona: Public sandbox previews remain accessible for up to one hour after being made private High
CVE-2026-54321 was published for github.com/daytonaio/daytona (Go) Jun 16, 2026
mrknight-n1du Credited to mrknight-n1du
NocoDB: OAuth Tokens Persist Through Security Events Moderate
CVE-2026-53926 was published for nocodb (npm) Jun 5, 2026
bugbunny-research Credited to bugbunny-research
Apache Airflow: Auth manager doesn't invalidate JWT tokens after users click logout Moderate
CVE-2026-48726 was published for apache-airflow (pip) Jun 1, 2026
Casdoor doesn't enforce SAML assertion time bounds High
CVE-2026-9096 was published for github.com/casdoor/casdoor (Go) May 28, 2026
Keycloak has Insufficient Session Expiration Moderate
CVE-2026-9802 was published for org.keycloak:keycloak-services (Maven) May 28, 2026
NocoDB: Stale Auth Cache After API Token Deletion Low
CVE-2026-46554 was published for nocodb (npm) May 21, 2026
bugbunny-research Credited to bugbunny-research
eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges High
GHSA-j5rm-v3vh-vx94 was published for edumfa (pip) May 18, 2026
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions Low
CVE-2026-22706 was published for @strapi/admin (npm) May 13, 2026
zaddy6 Credited to zaddy6, arthurgervais, derrickmehaffy, AndyAnh174, and Aastha2602 arthurgervais arthurgervais
derrickmehaffy derrickmehaffy AndyAnh174 AndyAnh174 Aastha2602 Aastha2602
zzzm0919 Credited to zzzm0919
Open WebUI has a CORS misconfiguration and session validation issue High
GHSA-6xcp-7mpr-m7wm was published for open-webui (pip) May 11, 2026
Classic298 Credited to Classic298
nhost has Session Persistence After Password Change Low
GHSA-7hgr-xvrr-xpw3 was published for github.com/nhost/nhost (Go) May 8, 2026
skoveit Credited to skoveit
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI High
GHSA-fpw6-hrg5-q5x5 was published for github.com/lin-snow/Ech0 (Go) May 7, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change Moderate
GHSA-258c-965c-p3hc was published for github.com/daptin/daptin (Go) May 7, 2026
VashuVats Credited to VashuVats
katalyst-koi: Session cookies can be replayed after user logout High
CVE-2026-44511 was published for katalyst-koi (RubyGems) May 7, 2026
ProTip! Advisories are also available from the GraphQL API