Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp Credited to ivantsepp
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration High
CVE-2026-41393 was published for openclaw (npm) Apr 3, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding Moderate
CVE-2026-43582 was published for openclaw (npm) Apr 17, 2026
dhyabi2 Credited to dhyabi2
copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action Low
CVE-2026-6874 was published for copilot-api (npm) Apr 23, 2026
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport High
GHSA-fvh2-gm75-j4j7 was published for dynoxide (npm) May 18, 2026
hicksy Credited to hicksy
ProTip! Advisories are also available from the GraphQL API