Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,823 advisories

Loading
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC High
CVE-2026-45048 was published for org.openidentityplatform.openam:openam-core (Maven) Jun 23, 2026
wodzen Credited to wodzen
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API Moderate
CVE-2026-52815 was published for gogs.io/gogs (Go) Jun 23, 2026
Capgo before 12.128.2 contains an unauthenticated security definer RPC function... High Unreviewed
CVE-2026-56242 was published Jun 21, 2026
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field Moderate
GHSA-h4h3-3rfj-x6fq was published for surrealdb (Rust) Jun 19, 2026
geo-chen Credited to geo-chen
parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change Low
GHSA-97pr-9hgg-3p8r was published for parse-server (npm) Jun 19, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit Critical
CVE-2026-55447 was published for langflow (pip) Jun 19, 2026
vbCrLf Credited to vbCrLf, AntonioABLima, andifilhohub, erichare, and Adam-Aghili AntonioABLima AntonioABLima
andifilhohub andifilhohub erichare erichare Adam-Aghili Adam-Aghili
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens Moderate
CVE-2026-55837 was published for dbt-mcp (pip) Jun 19, 2026
EQSTLab Credited to EQSTLab
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName Moderate
CVE-2026-11769 was published for github.com/grafana/grafana-operator (Go) Jun 19, 2026
cherez0ff Credited to cherez0ff
ProTip! Advisories are also available from the GraphQL API