Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs) Moderate
CVE-2026-47768 was published for github.com/juev/nebula-mesh (Go) Jun 10, 2026
ak2k Credited to ak2k
Portainer: JWT accepted in URL query leaks tokens to logs and referers High
CVE-2026-44883 was published for github.com/portainer/portainer (Go) May 14, 2026
scanpwn Credited to scanpwn
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback Low
CVE-2026-34969 was published for github.com/nhost/nhost (Go) Apr 1, 2026
0xkakash1 Credited to 0xkakash1
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems Moderate
CVE-2026-33620 was published for github.com/pinchtab/pinchtab (Go) Mar 24, 2026
mean3374 Credited to mean3374
Gogs: Access tokens get exposed through URL params in API requests Moderate
CVE-2026-26196 was published for gogs.io/gogs (Go) Mar 5, 2026
rezmoss Credited to rezmoss
File Browser allows sensitive data to be transferred in URL Moderate
CVE-2025-52901 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
ProTip! Advisories are also available from the GraphQL API