Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

286 advisories

Loading
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2026-45489 was published Jul 3, 2026
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward Moderate
CVE-2026-45045 was published for github.com/gofiber/fiber/v2 (Go) Jul 2, 2026
TristanInSec Credited to TristanInSec, ReneWerner87, and gaby ReneWerner87 ReneWerner87
gaby gaby
chi Has an IP Spoofing Vulnerability in `middleware.RealIP` Moderate
GHSA-3fxj-6jh8-hvhx was published for github.com/go-chi/chi/v5/middleware (Go) Jun 25, 2026
Saku0512 Credited to Saku0512
n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes Moderate
CVE-2026-54308 was published for n8n (npm) Jun 16, 2026
nkoorty Credited to nkoorty and jjjutla jjjutla jjjutla
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions. Moderate Unreviewed
CVE-2026-42662 was published Jun 15, 2026
NocoDB: Cross-Workspace Integration Use in Connection Test Moderate
CVE-2026-47381 was published for nocodb (npm) Jun 5, 2026
DongyangLyu Credited to DongyangLyu
Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment Moderate
CVE-2026-48016 was published for shopware/core (Composer) Jun 4, 2026
Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution Moderate
CVE-2026-45056 was published for matrix-sdk-crypto (Rust) Jun 4, 2026
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret Moderate
CVE-2026-44476 was published for doorkeeper-openid_connect (RubyGems) Jun 4, 2026
55728 Credited to 55728
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay Moderate
CVE-2026-45074 was published for symfony/security-http (Composer) May 27, 2026
nicolas-grekas Credited to nicolas-grekas
Fleet: IP spoofing allows bypassing API rate limiting Moderate
CVE-2026-46356 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
Fleet has a rate limiting bypass via untrusted client IP headers Moderate
CVE-2026-24000 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
ProTip! Advisories are also available from the GraphQL API