GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13,578 advisories
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix
Moderate | GHSA-jqq5-8px3-9m6m was published for Magick.NET-Q16-AnyCPU (NuGet) | May 21, 2026
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
Moderate | CVE-2026-46678 was published for pydantic-ai (pip) | May 21, 2026
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
Moderate | CVE-2026-46671 was published for onenote_parser (Rust) | May 21, 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
Moderate | CVE-2026-46645 was published for sqladmin (pip) | May 21, 2026
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
Moderate | CVE-2026-46638 was published for twig/twig (Composer) | May 21, 2026
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Moderate | CVE-2026-46634 was published for twig/twig (Composer) | May 21, 2026
@hulumi/baseline: CloudTrail selector tampering events were not fully detected
Moderate | GHSA-gfp8-mp24-5vxg was published for @hulumi/baseline (npm) | May 21, 2026
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Moderate | CVE-2026-46609 was published for Umbraco.Cms (NuGet) | May 21, 2026
FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
Moderate | CVE-2026-46556 was published for flaskbb (pip) | May 21, 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Moderate | CVE-2026-46552 was published for nocodb (npm) | May 21, 2026
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
Moderate | CVE-2026-46551 was published for nocodb (npm) | May 21, 2026
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Moderate | CVE-2026-46550 was published for nocodb (npm) | May 21, 2026
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
Moderate | CVE-2026-46548 was published for nocodb (npm) | May 21, 2026
NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
Moderate | CVE-2026-46547 was published for nocodb (npm) | May 21, 2026
Snappy: SSRF and local file read via the xsl-style-sheet option
Moderate | CVE-2026-46683 was published for knplabs/knp-snappy (Composer) | May 21, 2026
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate | CVE-2026-46618 was published for github.com/fission/fission (Go) | May 21, 2026
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Moderate | CVE-2026-46616 was published for Umbraco.Cms (NuGet) | May 21, 2026
pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API
Moderate | CVE-2026-46561 was published for pyload-ng (pip) | May 21, 2026
nimiq-blockchain: Genesis batch set request
Moderate | CVE-2026-46543 was published for nimiq-blockchain (Rust) | May 21, 2026
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Moderate | CVE-2026-46542 was published for nimiq-keys (Rust) | May 21, 2026
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Moderate | CVE-2026-46539 was published for nimiq-primitives (Rust) | May 21, 2026
@sveltejs/kit: `query.batch` cross-talk
Moderate | GHSA-hgv7-v322-mmgr was published for @sveltejs/kit (npm) | May 21, 2026
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
Moderate | CVE-2026-8597 was published for sagemaker (pip) | May 21, 2026
Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
Moderate | CVE-2026-46486 was published for mvt (pip) | May 21, 2026
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
Moderate | CVE-2026-46403 was published for github.com/klever-io/klever-go (Go) | May 21, 2026
ProTip! Advisories are also available from the GraphQL API.