GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
10 advisories
esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
High
GHSA-gv7w-rqvm-qjhr
was published
for
esbuild
(npm)
Jun 12, 2026
Tornado has out-of-bounds memory access via C extension
Low
CVE-2026-49854
was published
for
tornado
(pip)
Jun 12, 2026
pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams
Moderate
CVE-2026-48156
was published
for
pypdf
(pip)
Jun 12, 2026
pypdf: Possible large memory usage for large offsets for layout mode text
Moderate
CVE-2026-48155
was published
for
pypdf
(pip)
Jun 12, 2026
Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents
High
CVE-2026-49396
was published
for
github.com/nezhahq/nezha
(Go)
Jun 10, 2026
Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets
Moderate
CVE-2026-47671
was published
for
github.com/nhost/nhost
(Go)
Jun 4, 2026
Nezha's authenticated agents can forge service-monitor results for other users' services
High
CVE-2026-48119
was published
for
github.com/nezhahq/nezha
(Go)
Jun 1, 2026
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
Moderate
CVE-2026-47268
was published
for
github.com/nezhahq/nezha
(Go)
May 29, 2026
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Moderate
CVE-2026-47124
was published
for
github.com/nezhahq/nezha
(Go)
May 23, 2026
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Critical
CVE-2026-46339
was published
for
9router
(npm)
May 19, 2026
ProTip!
Advisories are also available from the
GraphQL API