
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Budibase: Unvalidated VectorDB Host Parameter Enables SSRF Moderate
CVE-2026-48148 was published for @budibase/server (npm) Jun 12, 2026
Credited to fg0x0
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step Moderate
CVE-2026-48128 was published for budibase (npm) Jun 12, 2026
Credited to fg0x0
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin Moderate
CVE-2026-47377 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
NocoDB: Reflected Cross-Site Scripting via Password Reset Token Moderate
CVE-2026-47376 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter Low
GHSA-q3fm-4wcw-g57x was published for vm2 (npm) May 29, 2026
Credited to fg0x0
n8n-mcp webhook and API client paths has an authenticated SSRF High
CVE-2026-44694 was published for n8n-mcp (npm) May 8, 2026
Credited to fg0x0
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data Moderate
CVE-2026-42039 was published for axios (npm) May 5, 2026
Credited to fg0x0 and 0bi0
Vite: `server.fs.deny` bypassed with queries High
CVE-2026-39364 was published for vite (npm) Apr 6, 2026
Credited to odgrso, ritikchaddha, neo-ai-engineer, instantraaamen, fg0x0, jonathanwd, kq5y, and bluwy