Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,308 advisories

Loading
Craft CMS: Sensitive File Disclosure / Server-Side File Read Moderate
CVE-2026-55792 was published for craftcms/cms (Composer) Jul 6, 2026
smakarim Credited to smakarim
Susen2 Credited to Susen2
nimonian Credited to nimonian
Froxlor: Authenticated customers can read other customers' allowed sender aliases Moderate
GHSA-mr9h-45p9-fg8h was published for froxlor/froxlor (Composer) Jul 2, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
tonghuaroot Credited to tonghuaroot
OpenClaw MCP SSE redirects could forward Authorization headers Moderate
GHSA-9c3v-684m-579c was published for openclaw (npm) Jul 1, 2026
dingliweixlm-byte Credited to dingliweixlm-byte
ORAS Go forwards registry credentials across registry redirects Moderate
GHSA-vh4v-2xq2-g5cg was published for oras.land/oras-go/v2 (Go) Jul 1, 2026
mosskappa Credited to mosskappa
SurrealDB: Graph traversal bypasses table SELECT permissions Moderate
GHSA-vjjx-rfw4-rmfc was published for surrealdb (Rust) Jul 1, 2026
repomix: attach_packed_output can bypass file-read secret scanning for supported local files Moderate
CVE-2026-49988 was published for repomix (npm) Jul 1, 2026
dodge1218 Credited to dodge1218
Capgo before 12.128.2 contains an information disclosure vulnerability in the /private... Moderate Unreviewed
CVE-2026-56318 was published Jul 1, 2026
ProTip! Advisories are also available from the GraphQL API