GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
Critical
CVE-2026-48150
was published
for
@budibase/server
(npm)
Jun 12, 2026
FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions
Moderate
CVE-2026-47721
was published
for
fuxa-server
(npm)
Jun 8, 2026
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
Moderate
CVE-2026-47720
was published
for
fuxa-server
(npm)
Jun 8, 2026
FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
High
CVE-2026-47719
was published
for
fuxa-server
(npm)
Jun 8, 2026
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
High
CVE-2026-42342
was published
for
@remix-run/server-runtime
(npm)
Jun 3, 2026
parse-server: MFA SMS one-time password accepted twice under concurrent login
Low
CVE-2026-43930
was published
for
parse-server
(npm)
May 5, 2026
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Moderate
CVE-2026-29772
was published
for
@astrojs/node
(npm)
Mar 24, 2026
ProTip!
Advisories are also available from the
GraphQL API