Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward Moderate
CVE-2026-45045 was published for github.com/gofiber/fiber/v2 (Go) Jul 2, 2026
TristanInSec Credited to TristanInSec, ReneWerner87, and gaby ReneWerner87 ReneWerner87
gaby gaby
GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer Moderate
CVE-2026-44332 was published for github.com/gofiber/fiber/v3 (Go) Jul 2, 2026
TristanInSec Credited to TristanInSec, gaby, and ReneWerner87 gaby gaby
ReneWerner87 ReneWerner87
Snipe-IT has Multi-Tenancy Bypass via Bulk Asset Update Moderate
CVE-2026-55482 was published for snipe/snipe-it (Composer) Jun 23, 2026
TristanInSec Credited to TristanInSec
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature High
CVE-2026-21887 was published for pycti (pip) Jun 22, 2026
DaffySpider Credited to DaffySpider and TristanInSec TristanInSec TristanInSec
MantisBT has a Private Bugnote Attachment Content Leak via REST API High
CVE-2026-42071 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, TristanInSec, dregad, and siunam321 TristanInSec TristanInSec
dregad dregad siunam321 siunam321
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API Moderate
CVE-2026-42070 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, TristanInSec, and dregad TristanInSec TristanInSec
dregad dregad
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values Moderate
CVE-2026-39960 was published for mantisbt/mantisbt (Composer) May 11, 2026
morimori-dev Credited to morimori-dev, dregad, and TristanInSec dregad dregad
TristanInSec TristanInSec
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class High
CVE-2026-41316 was published for erb (RubyGems) Apr 24, 2026
TristanInSec Credited to TristanInSec
ProTip! Advisories are also available from the GraphQL API