GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 42
Go: 3,142
Maven: 5,000+
npm: 5,000+
NuGet: 833
pip: 4,438
Pub: 12
RubyGems: 990
Rust: 1,174
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
5,067 advisories
Striae has a hash validation utility vulnerability
High · CVE-2026-31839 was published for @striae-org/striae (npm) · Mar 11, 2026
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
Critical · CVE-2026-31975 was published for @siteboon/claude-code-ui (npm) · Mar 11, 2026
Parse Server vulnerable to user enumeration via email verification endpoint
Moderate · CVE-2026-31901 was published for parse-server (npm) · Mar 11, 2026
Parse Server's MFA recovery codes not consumed after use
High · CVE-2026-31875 was published for parse-server (npm) · Mar 11, 2026
Parse Server has a protected fields bypass via dot-notation in query and sort
High · CVE-2026-31872 was published for parse-server (npm) · Mar 11, 2026
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Critical · CVE-2026-31871 was published for parse-server (npm) · Mar 11, 2026
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Moderate · CVE-2026-31868 was published for parse-server (npm) · Mar 11, 2026
Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
Moderate · GHSA-v8w9-8mx6-g223 was published for hono (npm) · Mar 11, 2026
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Critical · CVE-2026-31856 was published for parse-server (npm) · Mar 11, 2026
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Critical · CVE-2026-31862 was published for @siteboon/claudecodeui (npm) · Mar 11, 2026
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
High · CVE-2026-31829 was published for flowise (npm) · Mar 11, 2026
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
Moderate · CVE-2026-31828 was published for parse-server (npm) · Mar 11, 2026
Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes
High · CVE-2026-31800 was published for parse-server (npm) · Mar 11, 2026
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction
Moderate · CVE-2026-30973 was published for @appium/support (npm) · Mar 11, 2026
Parse Server has a rate limit bypass via batch request endpoint
Moderate · CVE-2026-30972 was published for parse-server (npm) · Mar 11, 2026
Parse Server OAuth2 authentication adapter account takeover via identity spoofing
High · CVE-2026-30967 was published for parse-server (npm) · Mar 11, 2026
Parse Server has role escalation and CLP bypass via direct `_Join` table write
Critical · CVE-2026-30966 was published for parse-server (npm) · Mar 11, 2026
Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter
Critical · CVE-2026-30965 was published for parse-server (npm) · Mar 11, 2026
Parse Server has a protected fields bypass via logical query operators
High · CVE-2026-30962 was published for parse-server (npm) · Mar 11, 2026
Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type
High · CVE-2026-30951 was published for sequelize (npm) · Mar 11, 2026
Parse Server missing audience validation in Keycloak authentication adapter
High · CVE-2026-30949 was published for parse-server (npm) · Mar 11, 2026
Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
High · CVE-2026-30948 was published for parse-server (npm) · Mar 11, 2026
Parse Server has a bypass of class-level permissions in LiveQuery
High · CVE-2026-30947 was published for parse-server (npm) · Mar 11, 2026
Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API
High · CVE-2026-30946 was published for parse-server (npm) · Mar 11, 2026
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
High · CVE-2026-30945 was published for studiocms (npm) · Mar 11, 2026
ProTip! Advisories are also available from the GraphQL API.