Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Hugo: Symlink confinement bypass in resources.Get Moderate
CVE-2026-50135 was published for github.com/gohugoio/hugo (Go) Jun 16, 2026
unknownhad Credited to unknownhad
Hugo: security.http.urls allow-list bypass via HTTP redirects Moderate
CVE-2026-50134 was published for github.com/gohugoio/hugo (Go) Jun 16, 2026
unknownhad Credited to unknownhad
Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS Low
CVE-2026-45756 was published for symfony/json-path (Composer) May 28, 2026
alexandre-daubois Credited to alexandre-daubois and unknownhad unknownhad unknownhad
Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45755 was published for symfony/mailtrap-mailer (Composer) May 28, 2026
alexandre-daubois Credited to alexandre-daubois and unknownhad unknownhad unknownhad
Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45754 was published for symfony/lox24-notifier (Composer) May 28, 2026
alexandre-daubois Credited to alexandre-daubois, nicolas-grekas, and unknownhad nicolas-grekas nicolas-grekas
unknownhad unknownhad
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing Moderate
CVE-2026-45064 was published for symfony/html-sanitizer (Composer) May 27, 2026
nicolas-grekas Credited to nicolas-grekas and unknownhad unknownhad unknownhad
ProTip! Advisories are also available from the GraphQL API