Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

319,852 advisories

Loading
Quill has DoS via unbounded read of HTTP response body during notarization Moderate
CVE-2026-31960 was published for github.com/anchore/quill (Go) Mar 11, 2026
Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing Moderate
CVE-2026-31961 was published for github.com/anchore/quill (Go) Mar 11, 2026
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval Moderate
CVE-2026-31959 was published for github.com/anchore/quill (Go) Mar 11, 2026
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection Critical
CVE-2026-31975 was published for @siteboon/claude-code-ui (npm) Mar 11, 2026
Ethan-Yang-opcia Credited to Ethan-Yang-opcia and DhiyaneshGeek DhiyaneshGeek DhiyaneshGeek
Parse Server vulnerable to user enumeration via email verification endpoint Moderate
CVE-2026-31901 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server's MFA recovery codes not consumed after use High
CVE-2026-31875 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server has a protected fields bypass via dot-notation in query and sort High
CVE-2026-31872 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL Critical
CVE-2026-31871 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types Moderate
CVE-2026-31868 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
flagd Vulnerable to Allocation of Resources Without Limits or Throttling High
CVE-2026-31866 was published for github.com/open-feature/flagd/flagd (Go) Mar 11, 2026
danipalli Credited to danipalli, marcozabel, and toddbaert marcozabel marcozabel
toddbaert toddbaert
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go Critical
GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go) Mar 11, 2026
aiell0 Credited to aiell0
0xkakash1 Credited to 0xkakash1
ProTip! Advisories are also available from the GraphQL API