GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
Moderate
CVE-2026-5038
was published
for
multer
(npm)
Jun 17, 2026
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
Moderate
CVE-2026-49993
was published
for
@nuxt/rspack-builder
(npm)
Jun 16, 2026
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
Moderate
CVE-2026-54300
was published
for
@astrojs/netlify
(npm)
Jun 16, 2026
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Moderate
CVE-2026-54094
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
NocoDB: Stored Cross-Site Scripting via Row Comments
High
CVE-2026-47383
was published
for
nocodb
(npm)
Jun 5, 2026
Weblate: Privilege escalation in the user API endpoint
High
CVE-2026-34393
was published
for
weblate
(pip)
Apr 16, 2026
Weblate: SSRF via Project-Level Machinery Configuration
Moderate
CVE-2026-34244
was published
for
weblate
(pip)
Apr 16, 2026
Weblate: Arbitrary File Read via Symlink
High
CVE-2026-34242
was published
for
weblate
(pip)
Apr 16, 2026
Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
High
CVE-2026-34783
was published
for
github.com/MontFerret/ferret
(Go)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API