GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 44; GitHub Actions 46; Go 3,272; Maven 5,000+; npm 5,000+; NuGet 867; pip 4,521; Pub 12; RubyGems 1,007; Rust 1,194; Swift 51.
Unreviewed advisories: All unreviewed 5,000+.
27,584 advisories
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php (Critical): CVE-2026-28501 was published for wwbn/avideo (Composer) on Mar 2, 2026
CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements (High): CVE-2026-28438 was published for cocoindex (pip) on Mar 2, 2026
FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory (High): CVE-2026-28492 was published for github.com/filebrowser/filebrowser/v2 (Go) on Mar 2, 2026
Products.isurlinportal has possible open redirect when using more than 2 forward slashes (Moderate): CVE-2026-28413 was published for Products.isurlinportal (pip) on Mar 2, 2026
NocoDB Missing Ownership Validation in MCP Token Operations (Moderate): CVE-2026-28361 was published for nocodb (npm) on Mar 2, 2026
NocoDB's Refresh Tokens Not Revoked on Password Reset (Moderate): CVE-2026-28396 was published for nocodb (npm) on Mar 2, 2026
NocoDB has Plaintext Storage of Shared View Passwords (Low): CVE-2026-28360 was published for nocodb (npm) on Mar 2, 2026
NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field (Moderate): CVE-2026-28359 was published for nocodb (npm) on Mar 2, 2026
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint (Low): CVE-2026-28358 was published for nocodb (npm) on Mar 2, 2026
NocoDB has Stored Cross-site Scripting via Formula Cell (Moderate): CVE-2026-28357 was published for nocodb (npm) on Mar 2, 2026
lxml-html-clean has <base> tag injection through default Cleaner configuration (Moderate): CVE-2026-28350 was published for lxml-html-clean (pip) on Mar 2, 2026
lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes (Moderate): CVE-2026-28348 was published for lxml-html-clean (pip) on Mar 2, 2026
OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint (High): CVE-2026-28342 was published for github.com/OliveTin/OliveTin (Go) on Mar 2, 2026
malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability (Moderate): GHSA-54p8-x2m9-c593 was published for github.com/chainguard-dev/malcontent (Go) on Mar 2, 2026
joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS) (High): CVE-2026-27932 was published for joserfc (pip) on Mar 2, 2026
`tracing-check` was removed from crates.io for malicious code (Critical): GHSA-5pmp-jpcf-pwx6 was published for tracing-check (Rust) on Mar 2, 2026
OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write (High): CVE-2026-27622 was published for OpenEXR (pip) on Mar 2, 2026
theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution (High): CVE-2026-21882 was published for theshit (Rust) on Mar 2, 2026
Bytebase vulnerable to Improper Authentication (Moderate): GHSA-5r3p-6rj5-7937 was published for github.com/bytebase/bytebase (Go) on Mar 2, 2026
Nest has a Fastify URL Encoding Middleware Bypass (High): CVE-2026-2293 was published for @nestjs/platform-fastify (npm) on Mar 2, 2026
Statamic vulnerable to privilege escalation via stored cross-site scripting (High): CVE-2026-28426 was published for statamic/cms (Composer) on Mar 1, 2026
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs (High): CVE-2026-28425 was published for statamic/cms (Composer) on Mar 1, 2026
Statamic's missing authorization allows access to email addresses (Moderate): CVE-2026-28424 was published for statamic/cms (Composer) on Mar 1, 2026
Statamic Vulnerable to Server-Side Request Forgery via Glide (Moderate): CVE-2026-28423 was published for statamic/cms (Composer) on Mar 1, 2026
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing (High): CVE-2026-28416 was published for gradio (pip) on Mar 1, 2026
Advisories are also available from the GraphQL API.