GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073
was published
for
symfony/cache
(Composer)
May 27, 2026
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
High
CVE-2026-46617
was published
for
github.com/fission/fission
(Go)
May 21, 2026
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
Critical
CVE-2026-46614
was published
for
github.com/fission/fission
(Go)
May 21, 2026
Crawlee for Python: SSRF via sitemap-derived URLs
Low
CVE-2026-46497
was published
for
crawlee
(pip)
May 21, 2026
SillyTavern has a SSRF vulnerability in the CORS proxy middleware
Moderate
CVE-2026-44652
was published
for
sillytavern
(npm)
May 12, 2026
SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
Moderate
CVE-2026-44651
was published
for
sillytavern
(npm)
May 12, 2026
MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
Low
CVE-2026-44428
was published
for
github.com/modelcontextprotocol/registry
(Go)
May 8, 2026
Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules
Critical
CVE-2026-44262
was published
for
dedoc/scramble
(Composer)
May 6, 2026
changedetection.io project has an XXE vulnerability
High
CVE-2026-41895
was published
for
changedetection.io
(pip)
May 4, 2026
beets has a Cross-site Scripting vulnerability
Moderate
CVE-2026-42052
was published
for
beets
(pip)
Apr 29, 2026
electerm has Command Injection via runLinux funtion
Critical
CVE-2026-41501
was published
for
electerm
(npm)
Apr 24, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical
CVE-2026-41500
was published
for
electerm
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API