GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
31,043 advisories
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
High
CVE-2026-46625
was published
for
js-cookie
(npm)
May 21, 2026
Russh: Unchecked CryptoVec allocation and growth handling is reachable
High
CVE-2026-46673
was published
for
russh
(Rust)
May 21, 2026
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Moderate
CVE-2026-46609
was published
for
Umbraco.Cms
(NuGet)
May 21, 2026
FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
Moderate
CVE-2026-46556
was published
for
flaskbb
(pip)
May 21, 2026
NocoDB: Stale Auth Cache After API Token Deletion
Low
CVE-2026-46554
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Low
CVE-2026-46553
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Moderate
CVE-2026-46552
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
Moderate
CVE-2026-46551
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Moderate
CVE-2026-46550
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
Low
CVE-2026-46549
was published
for
nocodb
(npm)
May 21, 2026
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
Moderate
CVE-2026-46548
was published
for
nocodb
(npm)
May 21, 2026
ProTip!
Advisories are also available from the
GraphQL API