Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

592 advisories

Loading
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header High
CVE-2026-55501 was published for 9router (npm) Jul 6, 2026
dinhvaren Credited to dinhvaren
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2026-45489 was published Jul 3, 2026
SnailSploit Credited to SnailSploit and 0xShemesh 0xShemesh 0xShemesh
OpenClaw: Matrix allowFrom could bind to mutable display names High
CVE-2026-53811 was published for openclaw (npm) Jul 2, 2026
PhilipPhil Credited to PhilipPhil
OpenClaw: Slack allowFrom could bind to mutable display names High
GHSA-c29c-2q9c-pc86 was published for openclaw (npm) Jul 2, 2026
PhilipPhil Credited to PhilipPhil
OpenClaw: Control UI locality spoofing could mint a durable admin device token High
CVE-2026-53817 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers High
GHSA-rggc-m335-3wvj was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward Moderate
CVE-2026-45045 was published for github.com/gofiber/fiber/v2 (Go) Jul 2, 2026
TristanInSec Credited to TristanInSec, ReneWerner87, and gaby ReneWerner87 ReneWerner87
gaby gaby
chi Has an IP Spoofing Vulnerability in `middleware.RealIP` Moderate
GHSA-3fxj-6jh8-hvhx was published for github.com/go-chi/chi/v5/middleware (Go) Jun 25, 2026
Saku0512 Credited to Saku0512
chi's RealIP Middleware allows IP spoofing via unvalidated X-Forwarded-For header High
GHSA-rjr7-jggh-pgcp was published for github.com/go-chi/chi/middleware (Go) Jun 25, 2026
rezmoss Credited to rezmoss
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers High
CVE-2026-25119 was published for gogs.io/gogs (Go) Jun 22, 2026
tenbbughunters Credited to tenbbughunters
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation Critical
CVE-2026-54782 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
ProTip! Advisories are also available from the GraphQL API