For questions or comments or to report an issue about OpenLibrary.org, please contact openlibrary@archive.org and cc: mek@archive.org.
Security: internetarchive/openlibrary
SECURITY.md
- SQL injection hardening: multiple ORDER BY / WHERE injection sinks across OL core and admin modules (GHSA-f93m-7x4r-g296), published Jun 16, 2026 by mekarpeles. Severity: Critical
- Stored XSS via unsanitized user displayname and key in post-login redirect page (GHSA-ghv9-wx77-wg5v), published Jun 16, 2026 by mekarpeles. Severity: Moderate
- Post-login open redirect via insufficiently validated returnTo parameter (GHSA-mcjc-2c93-3r8c), published Jun 19, 2026 by mekarpeles. Severity: High
- SSRF via cover upload source_url allows probing internal infrastructure and cloud metadata (GHSA-jcxx-2953-qvvw), published Jun 16, 2026 by mekarpeles. Severity: High
- Open redirect in FastAPI login endpoint via unvalidated redirect parameter (GHSA-22xr-xvw5-m2r9), published Jun 19, 2026 by mekarpeles. Severity: High