
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,517 advisories

hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length` Moderate
CVE-2026-54288 was published for hono (npm) Jun 16, 2026
Credited to Rootingg
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config Moderate
CVE-2026-54300 was published for @astrojs/netlify (npm) Jun 16, 2026
Credited to DavidCarliez
Astro: Host header SSRF in prerendered error page fetch High
CVE-2026-54299 was published for astro (npm) Jun 16, 2026
Credited to 5ud0er
Astro: XSS via Unescaped Attribute Names in Spread Props Moderate
CVE-2026-54298 was published for astro (npm) Jun 16, 2026
Credited to Texuguinho1234
n8n: Python sandbox escape High
CVE-2026-49444 was published for n8n (npm) Jun 16, 2026
Credited to vipinxsec
n8n: Git Node Clone and Push Operations Bypass File Sandbox Moderate
CVE-2026-49465 was published for n8n (npm) Jun 16, 2026
Credited to tr4ce-ju
n8n: SQL Injection in Postgres v1/TimescaleDB Nodes Moderate
CVE-2026-54310 was published for n8n (npm) Jun 16, 2026
Credited to sm1ee
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation Moderate
CVE-2026-54313 was published for n8n (npm) Jun 16, 2026
Credited to sm1ee
n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint Moderate
GHSA-hv7x-3x78-gx53 was published for n8n (npm) Jun 16, 2026
Credited to 34selen
n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes Moderate
CVE-2026-54308 was published for n8n (npm) Jun 16, 2026
Credited to nkoorty and jjjutla
n8n: Same-Origin XSS in Respond to Webhook Node High
CVE-2026-54301 was published for n8n (npm) Jun 16, 2026
Credited to supperhellokitty20
n8n: Prototype Pollution enables confused-deputy execution via public webhooks Moderate
CVE-2026-54306 was published for n8n (npm) Jun 16, 2026
Credited to sm1ee
n8n: Merge Node SQL Mode Prototype Pollution Moderate
CVE-2026-54311 was published for n8n (npm) Jun 16, 2026
Credited to sm1ee
LobeHub: Unauthenticated SSRF in `/webapi/proxy` Critical
CVE-2026-54157 was published for @lobehub/lobehub (npm) Jun 16, 2026
Credited to 0xj3st3r
n8n: Microsoft SQL Node Prototype Pollution High
CVE-2026-54312 was published for n8n (npm) Jun 16, 2026
Credited to s2ongmo and sm1ee
n8n: Stored XSS in Chat Trigger Node High
CVE-2026-54302 was published for n8n (npm) Jun 16, 2026
Credited to sm1ee
n8n: Python Code Node AST Validator Bypass Moderate
GHSA-jwm3-qcfw-c5pp was published for n8n (npm) Jun 16, 2026
Credited to Mistz1
n8n: Public API Execution Retry Authorization Bypass Moderate
GHSA-h3jj-5f3v-3685 was published for n8n (npm) Jun 16, 2026
Credited to ksw9722
n8n: Denial of Service via ZIP decompression in webhook workflow Moderate
CVE-2026-54314 was published for n8n (npm) Jun 16, 2026
n8n: Credential Exfiltration via Permission Bypass High
CVE-2026-54307 was published for n8n (npm) Jun 16, 2026
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints High
CVE-2026-54305 was published for n8n (npm) Jun 16, 2026
Credited to Solidscripting
n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions High
CVE-2026-54309 was published for n8n (npm) Jun 16, 2026
Credited to ESPanda666
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host High
CVE-2026-54304 was published for n8n (npm) Jun 16, 2026
Credited to 34selen
Cross-site scripting via <NoScript> slot content in Nuxt's head components Low
GHSA-m3q2-p4fw-w38m was published for nuxt (npm) Jun 16, 2026
Credited to alcls01111