Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
OpenRun: Redirect URL validation bypass using  //host  paths leads to Open Redirect Moderate
CVE-2026-55252 was published for github.com/openrundev/openrun (Go) Jul 9, 2026
Fushuling Credited to Fushuling and RacerZ-fighting RacerZ-fighting RacerZ-fighting
Probo has an open redirect bypass via path normalization Moderate
CVE-2026-49820 was published for go.probo.inc/probo (Go) Jun 30, 2026
Fushuling Credited to Fushuling
Flask-Security has an Open Redirect issue Moderate
GHSA-w2j7-f3c6-g8cw was published for Flask-Security (pip) Jun 23, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
Open Redirect Bypass in miniflux-v2 Moderate
CVE-2026-55185 was published for miniflux.app/v2 (Go) Jun 19, 2026
Fushuling Credited to Fushuling and RacerZ-fighting RacerZ-fighting RacerZ-fighting
local-deep-research has an SSRF bypass in `safe_get` Moderate
CVE-2026-46526 was published for local-deep-research (pip) May 28, 2026
Fushuling Credited to Fushuling and RacerZ-fighting RacerZ-fighting RacerZ-fighting
Bunsink has an SSRF bypass in `validate_webhook_url` Moderate
CVE-2026-44502 was published for bugsink (pip) May 8, 2026
Fushuling Credited to Fushuling and RacerZ-fighting RacerZ-fighting RacerZ-fighting
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url ` Moderate
CVE-2026-34753 was published for vllm (pip) Apr 3, 2026
Fushuling Credited to Fushuling, L2ncE, TsingShui, l2yyd5, Danthology, iharee, BoyiZhao, russellb, jperezdealgaba, and Victor-code-Y L2ncE L2ncE
TsingShui TsingShui l2yyd5 l2yyd5 Danthology Danthology iharee iharee BoyiZhao BoyiZhao russellb russellb jperezdealgaba jperezdealgaba Victor-code-Y Victor-code-Y
JupyterHub has an Open Redirect Vulnerability Moderate
CVE-2026-33709 was published for jupyterhub (pip) Apr 3, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation Moderate
CVE-2026-34426 was published for openclaw (npm) Mar 26, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
vLLM has SSRF Protection Bypass Moderate
CVE-2026-25960 was published for vllm (pip) Mar 9, 2026
RacerZ-fighting Credited to RacerZ-fighting, russellb, DarkLight1337, Isotr0py, and Fushuling russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py Fushuling Fushuling
ProTip! Advisories are also available from the GraphQL API