GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication
High
CVE-2026-35051
was published
for
github.com/traefik/traefik
(Go)
Apr 24, 2026
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
Low
CVE-2026-40264
was published
for
github.com/openbao/openbao
(Go)
Apr 21, 2026
SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
High
CVE-2026-30926
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 9, 2026
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Critical
CVE-2026-30869
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 7, 2026
OliveTin doesn't check view permission when returning dashboards
Moderate
CVE-2026-30233
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin's RestartAction always runs actions as guest
Moderate
CVE-2026-30225
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate
CVE-2026-30224
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
High
CVE-2026-30223
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API