GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
In monetr, unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation
High
GHSA-v7xq-3wx6-fqc2
was published
for
github.com/monetr/monetr
(Go)
Apr 14, 2026
unhead: Streaming SSR `streamKey` injected into inline script without identifier validation
Low
GHSA-x7mm-9vvv-64w8
was published
for
unhead
(npm)
Apr 10, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
High
GHSA-5jg4-p4qw-cgfr
was published
for
@stablelib/cbor
(npm)
Apr 4, 2026
@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding
High
GHSA-w48f-fwg7-ww6p
was published
for
@stablelib/cbor
(npm)
Apr 4, 2026
node-tar Symlink Path Traversal via Drive-Relative Linkpath
High
CVE-2026-31802
was published
for
tar
(npm)
Mar 10, 2026
tar has Hardlink Path Traversal via Drive-Relative Linkpath
High
CVE-2026-29786
was published
for
tar
(npm)
Mar 5, 2026
@isaacs/brace-expansion has Uncontrolled Resource Consumption
High
CVE-2026-25547
was published
for
@isaacs/brace-expansion
(npm)
Feb 3, 2026
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
High
CVE-2026-23745
was published
for
tar
(npm)
Jan 16, 2026
ProTip!
Advisories are also available from the
GraphQL API