GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High
GHSA-2r2p-4cgf-hv7h
was published
for
engramx
(npm)
Apr 22, 2026
TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Critical
CVE-2026-28792
was published
for
@tinacms/cli
(npm)
Mar 12, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
High
CVE-2026-22812
was published
for
opencode-ai
(npm)
Jan 13, 2026
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
High
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
ProTip!
Advisories are also available from the
GraphQL API