Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

151,474 advisories

Loading
Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion Moderate
GHSA-v2x6-wwfw-r2rq was published for github.com/agentgateway/agentgateway (Go) Mar 5, 2026
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write Moderate
CVE-2026-29780 was published for eml-parser (pip) Mar 5, 2026
redyank Credited to redyank
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check Moderate
CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 4, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
changedetection.io has Reflected XSS in its RSS Tag Error Response Moderate
CVE-2026-29038 was published for changedetection.io (pip) Mar 4, 2026
Akokonunes Credited to Akokonunes
Kimai's API invoice endpoint missing customer-level access control (IDOR) Moderate
CVE-2026-28685 was published for kimai/kimai (Composer) Mar 4, 2026
lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints Moderate
CVE-2026-3351 was published for github.com/canonical/lxd (Go) Mar 4, 2026
bugbunny-research Credited to bugbunny-research
neqo-qpack has iInteger overflow in qpack dynamic table indexing Moderate
GHSA-6w86-wgwq-rgq8 was published for neqo-qpack (Rust) Mar 4, 2026
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher Moderate
CVE-2026-27898 was published for vaultwarden (Rust) Mar 4, 2026
odgrso Credited to odgrso and BlackDex BlackDex BlackDex
ProTip! Advisories are also available from the GraphQL API