Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions High
CVE-2026-27610 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza Credited to mtrezza
Ory Oathkeeper has an authentication bypass by cache key confusion High
CVE-2026-33496 was published for github.com/ory/oathkeeper (Go) Mar 20, 2026
OpenFGA has an Authorization Bypass through cached keys Moderate
CVE-2026-33729 was published for github.com/openfga/openfga (Go) Mar 26, 2026
justincoh Credited to justincoh and saad-h1 saad-h1 saad-h1
fasrm Credited to fasrm and SociableSteve SociableSteve SociableSteve
mercure has Topic Selector Cache Key Collision High
CVE-2026-39972 was published for github.com/dunglas/mercure (Go) Apr 8, 2026
dunglas Credited to dunglas
KarimTantawey Credited to KarimTantawey, jankapunkt, and dhensby jankapunkt jankapunkt
dhensby dhensby
DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode Moderate
CVE-2026-41239 was published for dompurify (npm) Apr 22, 2026
bencalif Credited to bencalif
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed Low
GHSA-22w3-693w-x895 was published for webauthn-authenticator-rs (Rust) May 6, 2026
dorakemon Credited to dorakemon
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero... Moderate Unreviewed
CVE-2026-45191 was published May 10, 2026
nicolas-grekas Credited to nicolas-grekas
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 Moderate
CVE-2026-47674 was published for hono (npm) Jun 4, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring High
CVE-2026-42462 was published for @fedify/fedify (npm) May 26, 2026
offset Credited to offset
ProTip! Advisories are also available from the GraphQL API