GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,092
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,414
Swift: 61

Unreviewed advisories:
All unreviewed: 5,000+
128,995 advisories
Title | Severity | Status | ID | Package (ecosystem) | Published
Gogs has the ability to import local repositories via Mirror Settings | High | Reviewed | CVE-2026-52801 | gogs.io/gogs (Go) | Jun 23, 2026
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover | High | Reviewed | CVE-2026-52800 | gogs.io/gogs (Go) | Jun 23, 2026
Gogs Missing Authorization in Attachment Download | High | Reviewed | CVE-2026-52799 | gogs.io/gogs (Go) | Jun 22, 2026
Gogs has Stored XSS in `.ipynb` Preview | High | Reviewed | CVE-2026-52798 | gogs.io/gogs (Go) | Jun 22, 2026
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation | High | Reviewed | CVE-2026-54353 | @budibase/backend-core (npm) | Jun 22, 2026
Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override | High | Reviewed | CVE-2026-54351 | @budibase/server (npm) | Jun 22, 2026
@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens | High | Reviewed | CVE-2026-49229 | @actual-app/sync-server (npm) | Jun 22, 2026
Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials | High | Reviewed | CVE-2026-50137 | @budibase/server (npm) | Jun 22, 2026
Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials | High | Reviewed | CVE-2026-50136 | @budibase/server (npm) | Jun 22, 2026
Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF | High | Reviewed | CVE-2026-50132 | @budibase/server (npm) | Jun 22, 2026
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata | High | Reviewed | CVE-2026-48153 | @budibase/server (npm) | Jun 22, 2026
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery | High | Reviewed | GHSA-74p7-6h78-gw8p | skillctl (Rust) | Jun 22, 2026
Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users... | High | Unreviewed | CVE-2026-39904 | n/a | Jun 22, 2026
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution... | High | Unreviewed | CVE-2026-44274 | n/a | Jun 22, 2026
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization... | High | Unreviewed | CVE-2026-44271 | n/a | Jun 22, 2026
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization... | High | Unreviewed | CVE-2026-44272 | n/a | Jun 22, 2026
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows... | High | Unreviewed | CVE-2026-53779 | n/a | Jun 22, 2026
A command injection vulnerability has been identified in the DHCP option processing logic in... | High | Unreviewed | CVE-2026-11834 | n/a | Jun 22, 2026
Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533) | High | Reviewed | CVE-2026-46608 | glances (pip) | Jun 22, 2026
Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution | High | Reviewed | CVE-2026-46607 | glances (pip) | Jun 22, 2026
Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py | High | Reviewed | CVE-2026-46606 | glances (pip) | Jun 22, 2026
Spinnaker has non-safe yaml deserialization, allowing RCE when using specific types | High | Reviewed | CVE-2026-44795 | io.spinnaker.orca:orca-core (Maven) | Jun 22, 2026
OpenAM has LDAP Injection via `_queryId` Parameter | High | Reviewed | CVE-2026-41573 | org.openidentityplatform.openam:openam-core-rest (Maven) | Jun 22, 2026
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420) | High | Reviewed | CVE-2025-67303 | comfyui-manager (pip) | Jun 22, 2026
AVideo Vulnerable to Unauthenticated .env File Exposure via Official Docker Compose Configuration | High | Reviewed | CVE-2026-33692 | wwbn/avideo (Composer) | Jun 22, 2026
Advisories are also available from the GraphQL API.