GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,189 advisories
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Moderate
CVE-2026-44437
was published
for
@angular/ssr
(npm)
May 6, 2026
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Moderate
CVE-2026-44372
was published
for
nitro
(npm)
May 6, 2026
Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`
Moderate
CVE-2026-44373
was published
for
nitro
(npm)
May 6, 2026
next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys
Moderate
GHSA-4c35-wcg5-mm9h
was published
for
next-intl
(npm)
May 6, 2026
sse-channel: SSE Injection via unsanitized event fields
Moderate
CVE-2026-44217
was published
for
sse-channel
(npm)
May 5, 2026
ip-address has XSS in Address6 HTML-emitting methods
Moderate
CVE-2026-42338
was published
for
ip-address
(npm)
May 5, 2026
@evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS
Moderate
GHSA-7xp7-m392-h92c
was published
for
@evomap/evolver
(npm)
May 5, 2026
OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
Moderate
CVE-2026-45005
was published
for
openclaw
(npm)
May 5, 2026
@workos/authkit-session has an Open Redirect via state-derived redirect target
Moderate
CVE-2026-42565
was published
for
@workos/authkit-session
(npm)
May 5, 2026
LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
Moderate
CVE-2026-42045
was published
for
@lobehub/lobehub
(npm)
May 5, 2026
Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
Moderate
CVE-2026-42037
was published
for
axios
(npm)
May 5, 2026
Axios: no_proxy bypass via IP alias allows SSRF
Moderate
CVE-2026-42038
was published
for
axios
(npm)
May 5, 2026
ProTip!
Advisories are also available from the
GraphQL API