Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode High
GHSA-4jgr-pg2m-m988 was published for github.com/dadrus/heimdall (Go) Jun 18, 2026
tikket1 Credited to tikket1
ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components Low
CVE-2026-55671 was published for github.com/zitadel/zitadel (Go) Jun 18, 2026
wooseokdotkim Credited to wooseokdotkim, IAM-marco, livio-a, 0xBassia, alanturing881, dungNHVhust, sondt99, DavidCarliez, tikket1, Wernerina, morimori-dev, and vamsik2k5 IAM-marco IAM-marco
livio-a livio-a 0xBassia 0xBassia alanturing881 alanturing881 dungNHVhust dungNHVhust sondt99 sondt99 DavidCarliez DavidCarliez tikket1 tikket1 Wernerina Wernerina morimori-dev morimori-dev vamsik2k5 vamsik2k5
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction High
CVE-2026-45162 was published for pimcore/pimcore (Composer) May 27, 2026
tikket1 Credited to tikket1 and kingjia90 kingjia90 kingjia90
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter High
CVE-2026-44741 was published for pimcore/admin-ui-classic-bundle (Composer) May 27, 2026
tikket1 Credited to tikket1 and kingjia90 kingjia90 kingjia90
Weblate: Privilege escalation in the user API endpoint High
CVE-2026-34393 was published for weblate (pip) Apr 16, 2026
tikket1 Credited to tikket1, nijel, and DavidCarliez nijel nijel
DavidCarliez DavidCarliez
Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config Low
GHSA-3h6j-9x8m-rg3g was published for j0k3r/graby (Composer) Mar 31, 2026
tikket1 Credited to tikket1
ProTip! Advisories are also available from the GraphQL API