GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
26,915 advisories
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Moderate
CVE-2026-3419
was published
for
fastify
(npm)
Mar 5, 2026
The Eclipse Jetty Server Artifact has a Gzip request memory leak
High
CVE-2026-1605
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 5, 2026
OliveTin doesn't check view permission when returning dashboards
Moderate
CVE-2026-30233
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
Pingora vulnerable to cache poisoning via insecure-by-default cache key
High
CVE-2026-2836
was published
for
pingora-cache
(Rust)
Mar 5, 2026
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Critical
CVE-2026-2835
was published
for
pingora-core
(Rust)
Mar 5, 2026
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade
Critical
CVE-2026-2833
was published
for
pingora-core
(Rust)
Mar 5, 2026
OliveTin has crash on NPE by calling APIs with invalid bindings or log references
Moderate
GHSA-fwhj-785h-43hh
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin's RestartAction always runs actions as guest
Moderate
CVE-2026-30225
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate
CVE-2026-30224
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
High
CVE-2026-30223
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
stellar-xdr's StringM::from_str bypasses max length validation
Moderate
CVE-2026-29795
was published
for
stellar-xdr
(Rust)
Mar 5, 2026
Gokapi has CSRF in Login Endpoint
Moderate
CVE-2026-29084
was published
for
github.com/forceu/gokapi
(Go)
Mar 5, 2026
Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Moderate
CVE-2026-29061
was published
for
github.com/forceu/gokapi
(Go)
Mar 5, 2026
Gogs: DOM-based XSS via milestone selection
High
CVE-2026-26276
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Gogs: Access tokens get exposed through URL params in API requests
Moderate
CVE-2026-26196
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Gogs: Stored XSS in branch and wiki views through author and committer names
Moderate
CVE-2026-26195
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Gogs: Release tag option injection in release deletion
High
CVE-2026-26194
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Gogs: Stored XSS via data URI in issue comments
High
CVE-2026-26022
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Gogs: Cross-repository LFS object overwrite via missing content hash verification
Critical
CVE-2026-25921
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API