GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12,024 advisories
Directus: SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
High
CVE-2026-35409
was published
for
directus
(npm)
Apr 4, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Moderate
CVE-2026-35410
was published
for
directus
(npm)
Apr 4, 2026
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low
CVE-2026-35038
was published
for
signalk-server
(npm)
Apr 3, 2026
fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Critical
CVE-2026-34950
was published
for
fast-jwt
(npm)
Apr 2, 2026
Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Low
CVE-2026-34762
was published
for
github.com/ellanetworks/core
(Go)
Apr 1, 2026
AIOHTTP accepts duplicate Host headers
Moderate
CVE-2026-34525
was published
for
aiohttp
(pip)
Apr 1, 2026
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
High
CVE-2026-34445
was published
for
onnx
(pip)
Apr 1, 2026
Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
Moderate
CVE-2026-34383
was published
for
admidio/admidio
(Composer)
Mar 31, 2026
ProTip!
Advisories are also available from the
GraphQL API