Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation High
GHSA-jfwg-rxf3-p7r9 was published for github.com/authorizerdev/authorizer (Go) Apr 6, 2026
morimori-dev Credited to morimori-dev
pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter High
CVE-2026-35187 was published for pyload-ng (pip) Apr 4, 2026
morimori-dev Credited to morimori-dev
Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection High
CVE-2026-40280 was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 30, 2026
morimori-dev Credited to morimori-dev
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() High
CVE-2026-41143 was published for yeswiki/yeswiki (Composer) Apr 18, 2026
morimori-dev Credited to morimori-dev
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation High
CVE-2026-45548 was published for @budibase/server (npm) May 15, 2026
morimori-dev Credited to morimori-dev
AVideo Vulnerable to Unauthenticated .env File Exposure via Official Docker Compose Configuration High
CVE-2026-33692 was published for wwbn/avideo (Composer) Jun 22, 2026
morimori-dev Credited to morimori-dev
ProTip! Advisories are also available from the GraphQL API