GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Low
CVE-2026-33221
was published
for
github.com/nhost/nhost
(Go)
Mar 18, 2026
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Moderate
CVE-2026-33067
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 18, 2026
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Moderate
CVE-2026-33066
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 18, 2026
SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Moderate
GHSA-v3mg-9v85-fcm7
was published
for
siyuan
(Go)
Mar 16, 2026
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
Moderate
CVE-2026-32751
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
Moderate
GHSA-xp2m-98x8-rpj6
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
Moderate
CVE-2026-31809
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 10, 2026
SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
Moderate
CVE-2026-31807
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 10, 2026
ProTip!
Advisories are also available from the
GraphQL API