Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,769 advisories

Loading
76embiid21
Credited to 76embiid21
n8n: Webhook Forgery on Github Webhook Trigger Moderate
GHSA-mqpr-49jj-32rc was published for n8n (npm) Feb 26, 2026
simonkoeck
Credited to simonkoeck
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes Moderate
GHSA-f3f2-mcxc-pwjx was published for n8n (npm) Feb 26, 2026
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist High
CVE-2026-27818 was published for terriajs-server (npm) Feb 26, 2026
Storybook Dev Server is Vulnerable to WebSocket Hijacking High
CVE-2026-27148 was published for storybook (npm) Feb 26, 2026
Aikido-Security reindaelman
grumpinout1 JorianWoltjer
Credited to Aikido-Security, reindaelman, grumpinout1, and JorianWoltjer
Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter Critical
CVE-2026-27804 was published for parse-server (npm) Feb 25, 2026
sebastianosrt mtrezza
Credited to sebastianosrt and mtrezza
LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader Moderate
CVE-2026-27795 was published for @langchain/community (npm) Feb 25, 2026
r3dbrothers hntrl
Credited to r3dbrothers and hntrl
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline Critical
CVE-2026-27739 was published for @angular/ssr (npm) Feb 25, 2026
Yenya030 alan-agius4
securityMB AndrewKushnir josephperrott dgp1130
Credited to Yenya030, alan-agius4, securityMB, AndrewKushnir, josephperrott, and dgp1130
Angular SSR has an Open Redirect via X-Forwarded-Prefix Moderate
CVE-2026-27738 was published for @angular/ssr (npm) Feb 25, 2026
alan-agius4 josephperrott
securityMB AndrewKushnir dgp1130 VenkatKwest
Credited to alan-agius4, josephperrott, securityMB, AndrewKushnir, dgp1130, and VenkatKwest
Rollup 4 has Arbitrary File Write via Path Traversal High
CVE-2026-27606 was published for rollup (npm) Feb 25, 2026
viralvaghela
Credited to viralvaghela
Basic FTP has Path Traversal Vulnerability in its downloadToDir() method Critical
CVE-2026-27699 was published for basic-ftp (npm) Feb 25, 2026
thecasual
Credited to thecasual
Astro has memory exhaustion DoS due to missing request body size limit in Server Actions Moderate
CVE-2026-27729 was published for @astrojs/node (npm) Feb 25, 2026
pHo9UBenaA
Credited to pHo9UBenaA
n8n Vulnerable to Stored XSS via Various Nodes High
CVE-2026-27578 was published for n8n (npm) Feb 25, 2026
ori-ron Aikido-Security
nil340
Credited to ori-ron, Aikido-Security, and nil340
n8n: Expression Sandbox Escape Leads to RCE Critical
CVE-2026-27577 was published for n8n (npm) Feb 25, 2026
eilonc-pillar nil340
ediklab hackerman70000 zolbooo
Credited to eilonc-pillar, nil340, ediklab, hackerman70000, and zolbooo
n8n has Arbitrary Command Execution via File Write and Git Operations Critical
CVE-2026-27498 was published for n8n (npm) Feb 25, 2026
fatihhcelik
Credited to fatihhcelik
n8n has Potential Remote Code Execution via Merge Node Critical
CVE-2026-27497 was published for n8n (npm) Feb 25, 2026
allsmog nil340
Credited to allsmog and nil340
n8n has a Sandbox Escape in its JavaScript Task Runner Critical
CVE-2026-27495 was published for n8n (npm) Feb 25, 2026
c0rydoras
Credited to c0rydoras
n8n has Arbitrary File Read via Python Code Node Sandbox Escape High
CVE-2026-27494 was published for n8n (npm) Feb 25, 2026
MarcoPoloPie Nico-Posada
Credited to MarcoPoloPie and Nico-Posada
n8n has Unauthenticated Expression Evaluation via Form Node Critical
CVE-2026-27493 was published for n8n (npm) Feb 25, 2026
eilonc-pillar
Credited to eilonc-pillar
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions High
CVE-2026-27610 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint High
CVE-2026-27609 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
Parse Dashboard is Missing Authorization for its Agent Endpoint Critical
CVE-2026-27608 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza ByamB4
Credited to mtrezza and ByamB4
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) Critical
CVE-2026-27702 was published for budibase (npm) Feb 25, 2026
vicevirus
Credited to vicevirus
Parse Dashboard has incomplete authentication on AI Agent endpoint Critical
CVE-2026-27595 was published for parse-dashboard (npm) Feb 25, 2026
ByamB4 mtrezza
Credited to ByamB4 and mtrezza
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation Low
CVE-2026-22866 was published for @ensdomains/ens-contracts (npm) Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API