GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Moderate
CVE-2026-45292
was published
for
io.opentelemetry:opentelemetry-api
(Maven)
May 14, 2026
Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
Low
CVE-2026-42578
was published
for
io.netty:netty-handler-proxy
(Maven)
May 7, 2026
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Moderate
CVE-2026-42042
was published
for
axios
(npm)
May 5, 2026
Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
Moderate
CVE-2026-42041
was published
for
axios
(npm)
May 5, 2026
Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
Moderate
CVE-2026-42044
was published
for
axios
(npm)
May 5, 2026
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Low
CVE-2026-42040
was published
for
axios
(npm)
May 5, 2026
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
High
CVE-2026-22704
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jan 13, 2026
ProTip!
Advisories are also available from the
GraphQL API