Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33,376 advisories

Loading
Skipper: Incomplete fix for CVE-2026-50197: an oversized body can bypass OPA deny-on-presence Rego policies High
GHSA-8qqm-fp2q-v734 was published for github.com/zalando/skipper (Go) Jul 17, 2026
Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication Moderate
CVE-2026-54246 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
tonghuaroot Credited to tonghuaroot
PocketSphinx: Buffer overflows in language and acoustic model loading code Moderate
CVE-2026-54559 was published for pocketsphinx (pip) Jul 17, 2026
damseleng Credited to damseleng
AngleSharp HTML5 Spec Compliance: mXSS via annotation-xml HTML Integration Point Bypass Moderate
CVE-2026-54570 was published for AngleSharp (NuGet) Jul 17, 2026
internetpestcontrol Credited to internetpestcontrol
x0root Credited to x0root
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes Moderate
CVE-2026-53496 was published for exifreader (npm) Jul 17, 2026
YHalo-wyh Credited to YHalo-wyh
hackkim Credited to hackkim
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader High
CVE-2026-53597 was published for @prompty/core (npm) Jul 17, 2026
cristianstaicu Credited to cristianstaicu
Prompty: Arbitrary file read via file reference expansion High
CVE-2026-53598 was published for @prompty/core (npm) Jul 17, 2026
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath Moderate
CVE-2026-54561 was published for mcp-memory-keeper (npm) Jul 17, 2026
mcfly-zzh Credited to mcfly-zzh
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration Moderate
GHSA-cvpc-hccg-wmw4 was published for verbb/formie (Composer) Jul 17, 2026
chaitanyagarware Credited to chaitanyagarware
Gitea has insufficient permission checks for Composer package source links High
CVE-2026-27771 was published for code.gitea.io/gitea (Go) Jul 17, 2026
DevNoScope Credited to DevNoScope
tonghuaroot Credited to tonghuaroot
oapi-codegen: OpenAPI Server Description Escapes Generated Go Comment and Injects Executable Code Low
GHSA-rjwr-m7qx-3fjr was published for github.com/oapi-codegen/oapi-codegen/v2 (Go) Jul 17, 2026
quart27219 Credited to quart27219 and kimdu0 kimdu0 kimdu0
meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token High
CVE-2026-54547 was published for meta-ads-mcp (pip) Jul 17, 2026
EQSTLab Credited to EQSTLab
EQSTLab Credited to EQSTLab and useworld useworld useworld
sh _uid does not drop supplementary groups (incomplete privilege drop) High
CVE-2026-54552 was published for sh (pip) Jul 17, 2026
Gares95 Credited to Gares95
AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
CVE-2026-11400 was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) Jul 17, 2026
ph0smet Credited to ph0smet
plone.restapi: Stored XSS by spoofing mime type Moderate
GHSA-8rqh-vxpr-x77p was published for plone.restapi (pip) Jul 17, 2026
gyst Credited to gyst
plone.app.textfield: Stored XSS by spoofing mime type Moderate
CVE-2026-54503 was published for plone.app.textfield (pip) Jul 17, 2026
gyst Credited to gyst
Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS Moderate
CVE-2026-54247 was published for github.com/zalando/skipper (Go) Jul 17, 2026
alcls01111 Credited to alcls01111
vLLM: Speech-to-text upload size limit is enforced after full UploadFile read Moderate
CVE-2026-55646 was published for vllm (pip) Jul 17, 2026
rexpository Credited to rexpository and jperezdealgaba jperezdealgaba jperezdealgaba
brodmart Credited to brodmart and jperezdealgaba jperezdealgaba jperezdealgaba
vLLM has Remote DoS via Invalid Recovered Token Reinjection High
CVE-2026-54234 was published for vllm (pip) Jul 17, 2026
NeilAlfred Credited to NeilAlfred and jperezdealgaba jperezdealgaba jperezdealgaba
ProTip! Advisories are also available from the GraphQL API