Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,461 advisories

Loading
Keystone: GraphQL API Endpoint Lacks Query Depth Limits Low
CVE-2026-10802 was published for @keystone-6/core (npm) Jun 4, 2026
ms-swift: Image Cache Hash Collision via Missing Dimension Metadata Low
CVE-2026-10801 was published for ms-swift (pip) Jun 4, 2026
Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__ Low
CVE-2026-54335 was published for @feathersjs/commons (npm) Jul 14, 2026
ridingsa Credited to ridingsa
Gradio: Audio cache key ignores metadata when saving numpy audio outputs Low
CVE-2026-10783 was published for gradio (pip) Jun 4, 2026
Wasmtime: Memory leak in C API with `externref` and `anyref` types Low
CVE-2025-61670 was published for wasmtime-bin (pip) Jul 14, 2026
alexcrichton Credited to alexcrichton
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login Low
CVE-2026-48589 was published for org.apache.shiro:shiro-jakarta-ee (Maven) May 26, 2026
yeikel Credited to yeikel
Code Index MCP is vulnerable to Uncontrolled Resource Consumption Low
CVE-2026-10692 was published for code-index-mcp (pip) Jun 3, 2026
DesktopCommanderMCP is vulnerable to SSRF Low
CVE-2026-10690 was published for @wonderwhy-er/desktop-commander (npm) Jun 3, 2026
DesktopCommanderMCP is vulnerable to Uncontrolled Resource Consumption Low
CVE-2026-10691 was published for @wonderwhy-er/desktop-commander (npm) Jun 3, 2026
Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values Low
CVE-2026-48598 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla has CRLF injection in request `Content-Type` header via `add_content_type_param` Low
CVE-2026-48596 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target` Low
CVE-2026-48861 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, maennchen, and ericmj maennchen maennchen
ericmj ericmj
hermes-agent has an Injection issue Low
CVE-2026-10222 was published for hermes-agent (pip) Jun 1, 2026
Apache Airflow has an Incorrect Authorization issue Low
CVE-2026-45426 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has an Improper Authorization issue Low
CVE-2026-40963 was published for apache-airflow (pip) Jun 1, 2026
Craft CMS has authenticated path traversal in `assets/icon`, allowing local `.svg` file read Low
GHSA-c43v-4cr8-6mvp was published for craftcms/cms (Composer) Jul 9, 2026
GCXWLP Credited to GCXWLP
Waku has an Open Redirect via `unstable_redirect` Helper Low
CVE-2026-49456 was published for waku (npm) Jul 8, 2026
j0hndo Credited to j0hndo
Logback vulnerable to Object Injection through HardenedObjectInputStream modules Low
CVE-2026-10532 was published for ch.qos.logback:logback-core (Maven) Jun 1, 2026
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning Low
CVE-2026-46342 was published for @nuxt/nitro-server (npm) May 19, 2026
fancymalware Credited to fancymalware
ProTip! Advisories are also available from the GraphQL API