Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users Moderate
CVE-2026-44514 was published for github.com/kubetail-org/kubetail/modules/cli (Go) May 7, 2026
@farmfe/core is Missing Origin Validation in WebSocket Moderate
CVE-2025-56647 was published for @farmfe/core (npm) Feb 12, 2026
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails Moderate
CVE-2026-22689 was published for github.com/axllent/mailpit (Go) Jan 13, 2026
omarkurt Credited to omarkurt
Bokeh server applications have Incomplete Origin Validation in WebSockets Moderate
CVE-2026-21883 was published for bokeh (pip) Jan 6, 2026
katzj Credited to katzj and aydinnyunus aydinnyunus aydinnyunus
Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability Moderate
CVE-2024-51775 was published for org.apache.zeppelin:zeppelin-shell (Maven) Aug 3, 2025
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp Credited to ivantsepp
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk Credited to mowzk and barisusakli barisusakli barisusakli
ProTip! Advisories are also available from the GraphQL API