Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25 advisories

Loading
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker Moderate
CVE-2026-48147 was published for @budibase/backend-core (npm) Jun 12, 2026
b-hermes Credited to b-hermes
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 Moderate
CVE-2026-47674 was published for hono (npm) Jun 4, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection Moderate
CVE-2026-45065 was published for symfony/routing (Composer) May 27, 2026
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching Moderate
CVE-2026-25542 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
1seal Credited to 1seal, offset, vdemeester, and waveywaves offset offset
vdemeester vdemeester waveywaves waveywaves
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots Moderate
CVE-2026-39350 was published for istio.io/istio (Go) Apr 16, 2026
Wernerina Credited to Wernerina
league/commonmark has an embed extension allowed_domains bypass Moderate
CVE-2026-33347 was published for league/commonmark (Composer) Mar 19, 2026
HuajiHD Credited to HuajiHD
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation Moderate
CVE-2026-3419 was published for fastify (npm) Mar 5, 2026
TarPeg007 Credited to TarPeg007, jsumners, mcollina, and UlisesGascon jsumners jsumners
mcollina mcollina UlisesGascon UlisesGascon
Sirdorblu Credited to Sirdorblu
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing Moderate
CVE-2026-24398 was published for hono (npm) Jan 27, 2026
devanshbatham Credited to devanshbatham
parse-uri Regular expression Denial of Service (ReDoS) Moderate
CVE-2024-36751 was published for parse-uri (npm) Jan 16, 2025
dsimk Credited to dsimk
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) Moderate
GHSA-mpcw-3j5p-p99x was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Incorrect default pattern in Jenkins Audit Trail Plugin Moderate
CVE-2020-2288 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
uap-core Regular Expression Denial of Service issue Moderate
CVE-2018-20164 was published for uap-core (npm) Mar 6, 2019
Django denial-of-service possibility in urlize and urlizetrunc template filters Moderate
CVE-2018-7536 was published for Django (pip) Jan 4, 2019
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API