Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
alaeddine03 Credited to alaeddine03
SiYuan is Vulnerable to Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection Critical
CVE-2026-34449 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 31, 2026
sajdakabir Credited to sajdakabir and zerotrail-ai zerotrail-ai zerotrail-ai
qui CORS Misconfiguration: Arbitrary Origins Trusted Critical
CVE-2026-30924 was published for github.com/autobrr/qui (Go) Mar 19, 2026
ppfeister Credited to ppfeister and s0up4200 s0up4200 s0up4200
MCP Toolbox for Databases vulnerable to DNS rebinding attacks Critical
CVE-2026-9739 was published for github.com/googleapis/mcp-toolbox (Go) May 28, 2026
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE Critical
CVE-2026-53649 was published for github.com/BishopFox/joro (Go) Jul 8, 2026
stover-BF Credited to stover-BF
ProTip! Advisories are also available from the GraphQL API