Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,533 advisories

Loading
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write High
GHSA-qrwj-vh9x-gw5v was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile Moderate
CVE-2026-54637 was published for d7y.io/dragonfly/v2 (Go) Jul 6, 2026
tonghuaroot Credited to tonghuaroot and gaius-qi gaius-qi gaius-qi
tonghuaroot Credited to tonghuaroot
Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access High
CVE-2026-4789 was published for github.com/kyverno/kyverno (Go) Apr 14, 2026
iggypopi Credited to iggypopi, stepanskyigor-orca, copethomas, and sublimino stepanskyigor-orca stepanskyigor-orca
copethomas copethomas sublimino sublimino
A flaw has been found in AIAnytime Awesome-MCP-Server up to... Low Unreviewed
CVE-2026-14748 was published Jul 5, 2026
Spatie Laravel Media Library contains a server-side request forgery vulnerability Moderate
CVE-2026-48555 was published for spatie/laravel-medialibrary (Composer) May 29, 2026
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect High
CVE-2025-68616 was published for weasyprint (pip) Jan 20, 2026
g4nkd Credited to g4nkd
Mautic Focus component Vulnerable to SSRF Moderate
CVE-2026-9557 was published for mautic/core (Composer) Jul 2, 2026
r1beirin Credited to r1beirin, patrykgruszka, dungNHVhust, and escopecz patrykgruszka patrykgruszka
dungNHVhust dungNHVhust escopecz escopecz
@asymmetric-effort/specifyjs: No redirect target validation in secureFetch Moderate
GHSA-j5qp-p44g-2m49 was published for @asymmetric-effort/specifyjs (npm) Jul 2, 2026
@asymmetric-effort/specifyjs: `data:` URI allowed without size restriction Moderate
GHSA-2944-57xv-2682 was published for @asymmetric-effort/specifyjs (npm) Jul 2, 2026
@asymmetric-effort/specifyjs: Localhost bypass incomplete (IPv6, 0.0.0.0, 127.x range) Moderate
GHSA-xw57-23p8-9wc5 was published for @asymmetric-effort/specifyjs (npm) Jul 2, 2026
ProTip! Advisories are also available from the GraphQL API