GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,966 advisories

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object (Critical)
GHSA-4j36-39gm-8vq8 was published for @oneuptime/common (npm) Mar 7, 2026
Credited to maru1009

OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE (Critical)
GHSA-h343-gg57-2q67 was published for @oneuptime/common (npm) Mar 7, 2026
Credited to hunterxsirago1

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage (Critical)
GHSA-2h2p-mvfx-868w was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 7, 2026
Credited to Zwique

WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation (Critical)
CVE-2026-30861 was published for github.com/Tencent/WeKnora (Go) Mar 7, 2026
Credited to aleister1102

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool (Critical)
CVE-2026-30860 was published for github.com/Tencent/WeKnora (Go) Mar 6, 2026
Credited to aleister1102

WeKnora Vulnerable to Broken Access Control in Tenant Management (Critical)
CVE-2026-30855 was published for github.com/Tencent/WeKnora (Go) Mar 6, 2026
Credited to aleister1102

soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import (Critical)
CVE-2026-30832 was published for github.com/charmbracelet/soft-serve (Go) Mar 6, 2026
Credited to vnykmshr

Microsoft Devices Pricing Program Remote Code Execution Vulnerability (Critical, Unreviewed)
CVE-2026-21536 was published Mar 6, 2026

`time-sync` was removed from crates.io due to malicious code (Critical)
GHSA-mh23-rw7f-v5pq was published for time-sync (Rust) Mar 5, 2026