Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint Moderate
CVE-2026-33638 was published for github.com/lin-snow/ech0 (Go) Mar 24, 2026
QiaoNPC Credited to QiaoNPC
D-Tale: Remote Code Execution through redis/shelf storage Moderate
CVE-2026-35052 was published for dtale (pip) Apr 3, 2026
QiaoNPC Credited to QiaoNPC
monetr: Protected Transactions Deletable via PUT Moderate
CVE-2026-39901 was published for github.com/monetr/monetr (Go) Apr 8, 2026
QiaoNPC Credited to QiaoNPC, Across-Verticals-Malaysia, th3fallen, and elliotcourant Across-Verticals-Malaysia Across-Verticals-Malaysia
th3fallen th3fallen elliotcourant elliotcourant
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel Low
CVE-2026-40263 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026
QiaoNPC Credited to QiaoNPC, Across-Verticals-Malaysia, and enchant97 Across-Verticals-Malaysia Across-Verticals-Malaysia
enchant97 enchant97
Note Mark has Stored XSS via Unrestricted Asset Upload High
CVE-2026-40262 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026
QiaoNPC Credited to QiaoNPC, Across-Verticals-Malaysia, and enchant97 Across-Verticals-Malaysia Across-Verticals-Malaysia
enchant97 enchant97
Note Mark has Broken Access Control on Asset Download Moderate
CVE-2026-40265 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026
QiaoNPC Credited to QiaoNPC, Across-Verticals-Malaysia, and enchant97 Across-Verticals-Malaysia Across-Verticals-Malaysia
enchant97 enchant97
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) Critical
CVE-2026-41478 was published for @saltcorn/server (npm) Apr 16, 2026
QiaoNPC Credited to QiaoNPC
ots has a negative expire override that can bypass its secret retention policy Moderate
GHSA-h5fq-653g-gxrm was published for github.com/Luzifer/ots (Go) May 5, 2026
QiaoNPC Credited to QiaoNPC
`potato-annotation` has a Project-Boundary Bypass Moderate
GHSA-q9m2-fhv9-3jcf was published for potato-annotation (pip) May 8, 2026
QiaoNPC Credited to QiaoNPC
Mistune Math Plugin has an XSS Escape Bypass Moderate
CVE-2026-44708 was published for mistune (pip) May 8, 2026
QiaoNPC Credited to QiaoNPC and Across-Verticals-Malaysia Across-Verticals-Malaysia Across-Verticals-Malaysia
Mistune Heading ID Attribute has Injection XSS Moderate
CVE-2026-44897 was published for mistune (pip) May 9, 2026
QiaoNPC Credited to QiaoNPC and Across-Verticals-Malaysia Across-Verticals-Malaysia Across-Verticals-Malaysia
Mistune TOC Anchor Injection XSS Moderate
CVE-2026-44898 was published for mistune (pip) May 14, 2026
QiaoNPC Credited to QiaoNPC and Across-Verticals-Malaysia Across-Verticals-Malaysia Across-Verticals-Malaysia
Mistune Image Directive CSS Injection Vulnerability Moderate
CVE-2026-44899 was published for mistune (pip) May 14, 2026
QiaoNPC Credited to QiaoNPC and Across-Verticals-Malaysia Across-Verticals-Malaysia Across-Verticals-Malaysia
ProTip! Advisories are also available from the GraphQL API