Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
0xmrma Credited to 0xmrma
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation High
GHSA-j9gf-vw2f-9hrw was published for com.appsmith:server (Maven) Jun 12, 2026
0xmrma Credited to 0xmrma
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation High
CVE-2026-42089 was published for yeoman-environment (npm) May 26, 2026
mshima Credited to mshima, UlisesGascon, and 0xmrma UlisesGascon UlisesGascon
0xmrma 0xmrma
NocoDB: Shared-base link access can invite arbitrary users as persistent base members Moderate
CVE-2026-46552 was published for nocodb (npm) May 21, 2026
0xmrma Credited to 0xmrma
0xmrma Credited to 0xmrma
0xmrma Credited to 0xmrma
container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command Low
GHSA-39g5-644c-qwcg was published for github.com/apple/container (Swift) May 7, 2026
XlabAITeam Credited to XlabAITeam, 0xmrma, and keenanwgn 0xmrma 0xmrma
keenanwgn keenanwgn
listmonk's active sessions remain valid after password reset and password change High
CVE-2026-34828 was published for github.com/knadh/listmonk (Go) Apr 1, 2026
0xmrma Credited to 0xmrma
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys Moderate
CVE-2026-33936 was published for ecdsa (pip) Mar 27, 2026
0xmrma Credited to 0xmrma
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata Low
CVE-2026-32722 was published for memray (pip) Mar 16, 2026
0xmrma Credited to 0xmrma
ProTip! Advisories are also available from the GraphQL API