For questions or comments or to report an issue about OpenLibrary.org, please contact openlibrary@archive.org and cc: mek@archive.org.
Security: internetarchive/openlibrary
Security
SECURITY.md
- SQL injection hardening: multiple ORDER BY / WHERE injection sinks across OL core and admin modules
  GHSA-f93m-7x4r-g296, published Jun 16, 2026 by mekarpeles. Severity: Critical
- Stored XSS via unsanitized user displayname and key in post-login redirect page
  GHSA-ghv9-wx77-wg5v, published Jun 16, 2026 by mekarpeles. Severity: Moderate
- SSRF via cover upload source_url allows probing internal infrastructure and cloud metadata
  GHSA-jcxx-2953-qvvw, published Jun 16, 2026 by mekarpeles. Severity: High
Learn more about advisories related to internetarchive/openlibrary in the GitHub Advisory Database