GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
High
CVE-2026-32300
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
High
CVE-2026-32299
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin
High
CVE-2026-32278
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
High
CVE-2026-32277
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin
High
CVE-2026-32276
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
High
CVE-2026-31834
was published
for
Umbraco.Cms
(NuGet)
Mar 11, 2026
Gogs: DOM-based XSS via milestone selection
High
CVE-2026-26276
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
High
CVE-2026-27803
was published
for
vaultwarden
(Rust)
Mar 4, 2026
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
High
CVE-2026-27802
was published
for
vaultwarden
(Rust)
Mar 4, 2026
Ghost has Staff Token permission bypass
High
CVE-2026-22595
was published
for
ghost
(npm)
Jan 8, 2026
ProTip!
Advisories are also available from the
GraphQL API