Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions High
CVE-2026-27610 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza Credited to mtrezza
Ory Oathkeeper has an authentication bypass by cache key confusion High
CVE-2026-33496 was published for github.com/ory/oathkeeper (Go) Mar 20, 2026
OpenFGA has an Authorization Bypass through cached keys Moderate
CVE-2026-33729 was published for github.com/openfga/openfga (Go) Mar 26, 2026
justincoh Credited to justincoh and saad-h1 saad-h1 saad-h1
fasrm Credited to fasrm and SociableSteve SociableSteve SociableSteve
mercure has Topic Selector Cache Key Collision High
CVE-2026-39972 was published for github.com/dunglas/mercure (Go) Apr 8, 2026
dunglas Credited to dunglas
KarimTantawey Credited to KarimTantawey, jankapunkt, and dhensby jankapunkt jankapunkt
dhensby dhensby
DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode Moderate
CVE-2026-41239 was published for dompurify (npm) Apr 22, 2026
bencalif Credited to bencalif
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed Low
GHSA-22w3-693w-x895 was published for webauthn-authenticator-rs (Rust) May 6, 2026
dorakemon Credited to dorakemon
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero... Moderate Unreviewed
CVE-2026-45191 was published May 10, 2026
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring High
CVE-2026-42462 was published for @fedify/fedify (npm) May 26, 2026
nicolas-grekas Credited to nicolas-grekas
x41j Credited to x41j, ehhthing, and nic-lovin ehhthing ehhthing
nic-lovin nic-lovin
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 Moderate
CVE-2026-47674 was published for hono (npm) Jun 4, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
ProTip! Advisories are also available from the GraphQL API