GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: 5,000+ in total; Composer 5,000+; Erlang 70; GitHub Actions 52; Go 3,894; Maven 5,000+; npm 5,000+; NuGet 963; pip 5,000+; Pub 13; RubyGems 1,061; Rust 1,373; Swift 54.
Unreviewed advisories: 5,000+.
6,288 advisories
Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret [High] CVE-2026-46701, published for network-ai (npm), May 21, 2026.
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host [Critical] CVE-2026-46703, published for @boxlite-ai/boxlite (Go), May 21, 2026.
BoxLite: Permission Bypass Allows Modification of Read-Only Files [Critical] CVE-2026-46695, published for @boxlite-ai/boxlite (Go), May 21, 2026.
@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty [High] CVE-2026-46681, published for @nevware21/ts-utils (npm), May 21, 2026.
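The mechanism named in the @nevware21/ts-utils entry above, shown as an added example written for this page: it is not the package's code and does not reproduce CVE-2026-46681. It pairs a recursive property-copy helper built on a bare for...in loop with a hardened version; the function names and the two inputs are constructed for illustration.

```javascript
// Added example (not @nevware21/ts-utils code): a recursive property-copy
// helper built on a bare for...in loop, beside a hardened version.
//
// Two defects in the unsafe version:
//  1. for...in also yields enumerable properties inherited through the
//     prototype chain, so they are copied as if they were the source's own.
//  2. A key literally named "__proto__" makes the recursion descend into
//     target.__proto__, which for a plain object is Object.prototype, so the
//     attacker's nested keys land on every object in the process.
function copyPropsUnsafe(target, src) {
  for (const key in src) {                       // no hasOwnProperty check
    const val = src[key];
    const existing = target[key];
    if (val !== null && typeof val === "object" &&
        existing !== null && typeof existing === "object") {
      copyPropsUnsafe(existing, val);            // may recurse into Object.prototype
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Keys that reach the prototype chain rather than the object itself.
const PROTOTYPE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened version: own enumerable keys only (Object.keys is the same filter
// as for...in plus hasOwnProperty), prototype-reaching names dropped, and a
// nested target is reused only when the target itself owns it. Arrays are
// assigned by reference, which is enough for this demonstration.
function copyPropsSafe(target, src) {
  for (const key of Object.keys(src)) {
    if (PROTOTYPE_KEYS.has(key)) continue;
    const val = src[key];
    if (val !== null && typeof val === "object" && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : null;
      const nested = own !== null && typeof own === "object" ? own : {};
      target[key] = copyPropsSafe(nested, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed input 1: a source whose prototype carries an enumerable "role".
// The unsafe copy returns {name, role}; the safe copy returns {name} only.
function inheritedKeyDemo(copyFn) {
  const src = Object.create({ role: "admin" });
  src.name = "alice";
  return copyFn({}, src);
}

// Constructed input 2: JSON.parse turns "__proto__" into an own data property,
// which is exactly what for...in over attacker-supplied JSON hands the copier.
// Returns true when a fresh, unrelated object observes the injected key, then
// removes it from Object.prototype so the process is not left polluted.
function protoKeyDemo(copyFn) {
  const attackerJson = '{"__proto__": {"polluted": "yes"}}';
  copyFn({}, JSON.parse(attackerJson));
  const leaked = ({}).polluted === "yes";
  delete Object.prototype.polluted;
  return leaked;
}

console.log("unsafe, inherited key:", inheritedKeyDemo(copyPropsUnsafe));
console.log("safe,   inherited key:", inheritedKeyDemo(copyPropsSafe));
console.log("unsafe, __proto__ key leaks globally:", protoKeyDemo(copyPropsUnsafe));
console.log("safe,   __proto__ key leaks globally:", protoKeyDemo(copyPropsSafe));
```

Note that a hasOwnProperty check alone closes only the first defect: the "__proto__" key produced by JSON.parse is an own property, so the second defect also needs the explicit key deny-list (or writes through Object.defineProperty).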
js-libp2p: Memory DoS via subscription flood of unique topics [High] CVE-2026-46679, published for @libp2p/gossipsub (npm), May 21, 2026.
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection [High] CVE-2026-46625, published for js-cookie (npm), May 21, 2026.
@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails [High] GHSA-59f3-7227-wmh4, published for @hulumi/policies (npm), May 21, 2026.
@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators [Critical] GHSA-q2f7-m237-v562, published for @hulumi/policies (npm), May 21, 2026.
@hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies [High] GHSA-4xrh-5m3m-328w, published for @hulumi/policies (npm), May 21, 2026.
@hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass [High] GHSA-g43v-9x7q-83pq, published for @hulumi/policies (npm), May 21, 2026.
@hulumi/drift: Orphan reconciler accepted externally supplied execute plans [High] GHSA-2ffm-hxrq-qqmm, published for @hulumi/drift (npm), May 21, 2026.
@hulumi/baseline: CloudTrail selector tampering events were not fully detected [Moderate] GHSA-gfp8-mp24-5vxg, published for @hulumi/baseline (npm), May 21, 2026.
NocoDB: Stale Auth Cache After API Token Deletion [Low] CVE-2026-46554, published for nocodb (npm), May 21, 2026.
NocoDB: Attachment Size Limit Bypass via Upload-by-URL [Low] CVE-2026-46553, published for nocodb (npm), May 21, 2026.
NocoDB: Shared-base link access can invite arbitrary users as persistent base members [Moderate] CVE-2026-46552, published for nocodb (npm), May 21, 2026.
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion [Moderate] CVE-2026-46551, published for nocodb (npm), May 21, 2026.
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags [Moderate] CVE-2026-46550, published for nocodb (npm), May 21, 2026.
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation [Low] CVE-2026-46549, published for nocodb (npm), May 21, 2026.
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) [Moderate] CVE-2026-46548, published for nocodb (npm), May 21, 2026.
NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL [Moderate] CVE-2026-46547, published for nocodb (npm), May 21, 2026.
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement [High] CVE-2026-46519, published for mcp-server-kubernetes (npm), May 21, 2026.
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects [Moderate] CVE-2026-34043, published for serialize-javascript (npm), Mar 27, 2026.
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided [Moderate] CVE-2026-41907, published for uuid (npm), Apr 22, 2026.
@sveltejs/kit: `query.batch` cross-talk [Moderate] GHSA-hgv7-v322-mmgr, published for @sveltejs/kit (npm), May 21, 2026.
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) [High] CVE-2026-46492, published for md-fileserver (npm), May 21, 2026.
ProTip! Advisories are also available from the GraphQL API.
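As an added example (not GitHub's code), here is a small Node.js client that asks the GraphQL API for the most recently published advisories and flattens each into the fields this listing shows. The query uses the securityAdvisories connection and field names from the GitHub GraphQL schema as documented; the token, the count, the ecosystem filter value and the sample response are this example's own assumptions, and the sample is constructed from one entry on this page (its time of day is a placeholder, and version fields are left out because the listing does not show them).

```javascript
// Added example (not GitHub's code): query the GitHub Advisory Database via
// the GraphQL API and shape the result like this listing. Requires Node 18+
// (global fetch). The live call needs a GitHub token; advisories are public,
// so no special scopes are required.

const GRAPHQL_ENDPOINT = "https://api.github.com/graphql";

// securityAdvisories is the public connection over the advisory database.
// $ecosystem (an optional SecurityAdvisoryEcosystem value such as NPM or GO)
// narrows the listed vulnerable packages to that ecosystem.
const ADVISORY_QUERY = `
  query RecentAdvisories($count: Int!, $ecosystem: SecurityAdvisoryEcosystem) {
    securityAdvisories(first: $count, orderBy: {field: PUBLISHED_AT, direction: DESC}) {
      nodes {
        ghsaId
        summary
        severity
        publishedAt
        identifiers { type value }
        vulnerabilities(first: 5, ecosystem: $ecosystem) {
          nodes {
            package { ecosystem name }
            vulnerableVersionRange
            firstPatchedVersion { identifier }
          }
        }
      }
    }
  }`;

// Flatten one advisory node into the listing's fields: preferred id (CVE when
// one is assigned, otherwise the GHSA id), severity, affected packages, date.
function summarizeAdvisory(node) {
  const cve = (node.identifiers || []).find((id) => id.type === "CVE");
  const packages = (node.vulnerabilities?.nodes || []).map((v) => ({
    name: v.package.name,
    ecosystem: v.package.ecosystem.toLowerCase(),   // API returns NPM, GO, ...
    vulnerableVersionRange: v.vulnerableVersionRange ?? null,
    firstPatchedVersion: v.firstPatchedVersion?.identifier ?? null,  // null = unpatched
  }));
  return {
    id: cve ? cve.value : node.ghsaId,
    ghsaId: node.ghsaId,
    severity: node.severity,
    summary: node.summary,
    packages,
    publishedAt: node.publishedAt.slice(0, 10),   // keep the date only
  };
}

// A GraphQL response can carry partial data plus an errors array; treat any
// error as fatal rather than silently returning a truncated list.
function summarizeResponse(payload) {
  if (Array.isArray(payload.errors) && payload.errors.length > 0) {
    throw new Error("GraphQL errors: " + JSON.stringify(payload.errors));
  }
  return payload.data.securityAdvisories.nodes.map(summarizeAdvisory);
}

async function fetchRecentAdvisories(token, count = 10, ecosystem = null) {
  const res = await fetch(GRAPHQL_ENDPOINT, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${token}`,
      "Content-Type": "application/json",
      "User-Agent": "advisory-listing-example",   // GitHub's API requires one
    },
    body: JSON.stringify({ query: ADVISORY_QUERY, variables: { count, ecosystem } }),
  });
  if (!res.ok) throw new Error(`GraphQL endpoint returned HTTP ${res.status}`);
  return summarizeResponse(await res.json());
}

// Constructed sample response in the API's shape, filled from one entry on
// this page (GHSA-q2f7-m237-v562). The time of day is a placeholder and the
// version fields are left out because the listing does not show them.
const SAMPLE_RESPONSE = {
  data: {
    securityAdvisories: {
      nodes: [{
        ghsaId: "GHSA-q2f7-m237-v562",
        summary: "@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators",
        severity: "CRITICAL",
        publishedAt: "2026-05-21T00:00:00Z",
        identifiers: [{ type: "GHSA", value: "GHSA-q2f7-m237-v562" }],
        vulnerabilities: { nodes: [{ package: { ecosystem: "NPM", name: "@hulumi/policies" } }] },
      }],
    },
  },
};

// Offline run over the sample; set GITHUB_TOKEN to query the live API instead.
if (process.env.GITHUB_TOKEN) {
  fetchRecentAdvisories(process.env.GITHUB_TOKEN, 5, "NPM").then(console.log, console.error);
} else {
  console.log(summarizeResponse(SAMPLE_RESPONSE));
}
```

The errors check matters in practice: GitHub returns HTTP 200 with a partial `data` object and a populated `errors` array for schema or permission problems, so a client that only tests `res.ok` will quietly process an incomplete list.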