Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

72 advisories

Loading
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE High
CVE-2026-45805 was published for @penpot/mcp (npm) May 19, 2026
AyushParkara Credited to AyushParkara and overgrowncarrot1 overgrowncarrot1 overgrowncarrot1
Nautobot: GitRepository.current_head field should not be writable through REST API High
CVE-2026-44798 was published for nautobot (pip) May 13, 2026
holmie Credited to holmie
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution High
CVE-2026-22812 was published for opencode-ai (npm) Jan 13, 2026
CyberShadow Credited to CyberShadow
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write High
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode High
CVE-2025-64443 was published for github.com/docker/mcp-gateway (Go) Dec 3, 2025
JLLeitschuh Credited to JLLeitschuh
ProTip! Advisories are also available from the GraphQL API