GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components Low
CVE-2026-55671 was published for github.com/zitadel/zitadel (Go) Jun 18, 2026
Credited to wooseokdotkim, IAM-marco, livio-a, 0xBassia, alanturing881, dungNHVhust, sondt99, DavidCarliez, tikket1, Wernerina, morimori-dev, and vamsik2k5
NocoDB: Hidden Column Exposure in Public Shared View Endpoints Moderate
CVE-2026-47378 was published for nocodb (npm) Jun 5, 2026
Credited to 0xBassia
@tmlmobilidade/utils has prototype pollution in its setValueAtPath High
CVE-2026-45325 was published for @tmlmobilidade/utils (npm) May 18, 2026
Credited to 0xBassia
parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names High
CVE-2026-45302 was published for parse-nested-form-data (npm) May 18, 2026
Credited to 0xBassia
form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys High
CVE-2026-46510 was published for form-data-objectizer (npm) May 18, 2026
Credited to 0xBassia
@ranfdev/deepobj has a Prototype Pollution vulnerability High
CVE-2026-46509 was published for @ranfdev/deepobj (npm) May 14, 2026
Credited to 0xBassia