Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send Low
CVE-2026-41663 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Admidio Missing Minimum Administrator Check in Role Membership Removal Moderate
CVE-2026-41662 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion Moderate
CVE-2026-41661 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP High
CVE-2026-41660 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Note Mark: Unauthenticated read of notes and assets in soft-deleted public books Moderate
CVE-2026-41572 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Note Mark: OIDC-registered users authenticated by submitting password "null" Critical
CVE-2026-41571 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has File Size Limit Bypass via Vikunja Import Moderate
CVE-2026-35602 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output Moderate
CVE-2026-35601 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has HTML Injection via Task Titles in Overdue Email Notifications Moderate
CVE-2026-35600 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler Moderate
CVE-2026-35599 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja Missing Authorization on CalDAV Task Read Moderate
CVE-2026-35598 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout Moderate
CVE-2026-35597 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug Moderate
CVE-2026-35596 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja vulnerable to Privilege Escalation via Project Reparenting High
CVE-2026-35595 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php Moderate
CVE-2026-35452 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php Moderate
CVE-2026-35450 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php Moderate
CVE-2026-35449 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php Low
CVE-2026-35448 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php Moderate
CVE-2026-35181 was published for wwbn/avideo (Composer) Apr 3, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php Moderate
CVE-2026-35179 was published for wwbn/avideo (Composer) Apr 3, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin Moderate
GHSA-gmpc-fxg2-vcmq was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation Moderate
CVE-2026-34740 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php Moderate
CVE-2026-34739 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter Moderate
CVE-2026-34738 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug Moderate
CVE-2026-34737 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database