Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

597 advisories

Loading
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced High
CVE-2026-54781 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate High
CVE-2026-54774 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
containerd: CRI checkpoint import allows local image tag poisoning Moderate
CVE-2026-50195 was published for github.com/containerd/containerd/v2 (Go) Jun 19, 2026
hbeberman Credited to hbeberman and robertprast robertprast robertprast
symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding Low
CVE-2026-49212 was published for symfony/ux-live-component (Composer) Jun 19, 2026
Kocal Credited to Kocal
Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream High
CVE-2026-55883 was published for github.com/tilt-dev/tilt (Go) Jun 19, 2026
therawdev Credited to therawdev
PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks High
GHSA-jc38-x7x8-2xc8 was published for web-token/jwt-bundle (Composer) Jun 18, 2026
Papadope Credited to Papadope, hostep, and samuelwei hostep hostep
samuelwei samuelwei
sour-exploit Credited to sour-exploit
PraisonAI DiscordApproval accepts unrelated channel messages as dangerous-tool approvals High
GHSA-8579-rgg5-ph2m was published for praisonai (pip) Jun 18, 2026
rexpository Credited to rexpository
hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length` Moderate
CVE-2026-54288 was published for hono (npm) Jun 16, 2026
Rootingg Credited to Rootingg
alan-agius4 Credited to alan-agius4, JeanMeche, and josephperrott JeanMeche JeanMeche
josephperrott josephperrott
j4xT Credited to j4xT
purpshell Credited to purpshell and SheIITear SheIITear SheIITear
addcontent Credited to addcontent, russellb, and jperezdealgaba russellb russellb
jperezdealgaba jperezdealgaba
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections High
CVE-2026-47737 was published for puma (RubyGems) Jun 9, 2026
vxhex Credited to vxhex and nateberkopec nateberkopec nateberkopec
Netty has Insufficient Bailiwick Validation for NS Records High
CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records High
CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint High
CVE-2026-47696 was published for WWBN/AVideo (Composer) Jun 4, 2026
proochicken Credited to proochicken
whrit Credited to whrit
matrix-sdk-ui: Incomplete edit validation Moderate
CVE-2026-45057 was published for matrix-sdk-ui (Rust) Jun 4, 2026
ProTip! Advisories are also available from the GraphQL API