Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
Excon does not redact additional sensitive/risky headers when following redirects Moderate
CVE-2026-54171 was published for excon (RubyGems) Jul 10, 2026
SnailSploit Credited to SnailSploit
SnailSploit Credited to SnailSploit and 0xShemesh 0xShemesh 0xShemesh
PraisonAI: execute_code sandbox bypass: str.format C-level attribute access reads every blocklisted dunder Moderate
GHSA-pv2j-rghr-v5r9 was published for praisonaiagents (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router Moderate
CVE-2026-54236 was published for vllm (pip) Jun 17, 2026
SnailSploit Credited to SnailSploit and jperezdealgaba jperezdealgaba jperezdealgaba
@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects Moderate
CVE-2026-48022 was published for @hapi/wreck (npm) Jun 11, 2026
SnailSploit Credited to SnailSploit
SnailSploit Credited to SnailSploit
slack-go `SecretsVerifier` accepts empty signing secret without precondition Moderate
GHSA-gxhx-2686-5h9g was published for github.com/slack-go/slack (Go) May 14, 2026
SnailSploit Credited to SnailSploit and massif-01 massif-01 massif-01
sse-channel: SSE Injection via unsanitized event fields Moderate
CVE-2026-44217 was published for sse-channel (npm) May 5, 2026
SnailSploit Credited to SnailSploit
DDEV has ZipSlip path traversal in tar and zip archive extraction Moderate
CVE-2026-32885 was published for github.com/ddev/ddev (Go) Apr 22, 2026
SnailSploit Credited to SnailSploit
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() Moderate
CVE-2026-33693 was published for activitypub_federation (Rust) Mar 25, 2026
SnailSploit Credited to SnailSploit
OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots Moderate
GHSA-j425-whc4-4jgc was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey, SnailSploit, and zpbrent SnailSploit SnailSploit
zpbrent zpbrent
ProTip! Advisories are also available from the GraphQL API