GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
4 advisories
ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Low
CVE-2026-55671
was published
for
github.com/zitadel/zitadel
(Go)
Jun 18, 2026
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
Moderate
GHSA-268h-hp4c-crq3
was published
for
nodemailer
(npm)
Jun 15, 2026
Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization
Moderate
GHSA-wqvq-jvpq-h66f
was published
for
nodemailer
(npm)
Jun 15, 2026
Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
High
GHSA-gv7w-rqvm-qjhr
was published
for
esbuild
(npm)
Jun 12, 2026
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API