Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

29 advisories

Loading
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack Moderate
CVE-2026-46611 was published for glances (pip) Jun 22, 2026
sectroyer Credited to sectroyer
sour-exploit Credited to sour-exploit
rmcp Streamable HTTP server transport has a DNS rebinding vulnerability High
CVE-2026-42559 was published for rmcp (Rust) May 6, 2026
JLLeitschuh Credited to JLLeitschuh
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport High
GHSA-fvh2-gm75-j4j7 was published for dynoxide (npm) May 18, 2026
hicksy Credited to hicksy
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding Moderate
CVE-2026-43582 was published for openclaw (npm) Apr 17, 2026
dhyabi2 Credited to dhyabi2
copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action Low
CVE-2026-6874 was published for copilot-api (npm) Apr 23, 2026
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration High
CVE-2026-41393 was published for openclaw (npm) Apr 3, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation High
CVE-2026-33002 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
JLLeitschuh Credited to JLLeitschuh
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
eharris128 Credited to eharris128
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128 Credited to eharris128
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp Credited to ivantsepp
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding High
CVE-2024-24759 was published for mindsdb (pip) Sep 5, 2024
Sim4n6 Credited to Sim4n6
Windows DNS Spoofing Vulnerability Moderate Unreviewed
CVE-2023-32020 was published Jun 14, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty Credited to W0rty, numacanedo, tomakehurst, Mahoney, and oleg-nenashev numacanedo numacanedo
tomakehurst tomakehurst Mahoney Mahoney oleg-nenashev oleg-nenashev
RubyGems vulnerable to DNS hijack attack High
CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022
ProTip! Advisories are also available from the GraphQL API