Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
74
GitHub Actions
54
Go
4,092
Maven
5,000+
npm
5,000+
NuGet
994
pip
5,000+
Pub
13
RubyGems
1,095
Rust
1,414
Swift
61
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Hugo: security.http.urls deny rules bypassed by alternate IPv4 encodings (SSRF) High
GHSA-r46f-3rpw-hxrv was published for github.com/gohugoio/hugo (Go) Jun 19, 2026
vnth4nhnt Credited to vnth4nhnt
Hugo: Symlink confinement bypass in os.ReadFile Moderate
GHSA-c3wq-j5vh-68rc was published for github.com/gohugoio/hugo (Go) Jun 19, 2026
vnth4nhnt Credited to vnth4nhnt
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape Moderate
CVE-2026-54319 was published for github.com/daytonaio/daytona (Go) Jun 18, 2026
vnth4nhnt Credited to vnth4nhnt
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join Moderate
CVE-2026-54324 was published for github.com/daytonaio/daytona (Go) Jun 17, 2026
vnth4nhnt Credited to vnth4nhnt
Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles High
CVE-2026-54322 was published for github.com/daytonaio/daytona (Go) Jun 16, 2026
vnth4nhnt Credited to vnth4nhnt and mrknight-n1du mrknight-n1du mrknight-n1du
n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass Moderate
CVE-2026-56348 was published for n8n (npm) May 19, 2026
vnth4nhnt Credited to vnth4nhnt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database