GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,910 advisories
OpenBao lacks user confirmation for OIDC direct callback mode
Critical
CVE-2026-33757
was published
for
github.com/openbao/openbao
(Go)
Mar 26, 2026
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Critical
CVE-2026-33873
was published
for
langflow
(pip)
Mar 26, 2026
AVideo has Plaintext Video Password Storage
Critical
CVE-2026-33867
was published
for
wwbn/avideo
(Composer)
Mar 26, 2026
Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR
Critical
GHSA-2pv8-4c52-mf8j
was published
for
code.vikunja.io/api
(Go)
Mar 26, 2026
n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
Critical
CVE-2026-33696
was published
for
n8n
(npm)
Mar 26, 2026
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Critical
CVE-2026-33716
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Critical
CVE-2026-33660
was published
for
n8n
(npm)
Mar 25, 2026
SiYuan has directory traversal within its publishing service
Critical
CVE-2026-33670
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 25, 2026
SiYuan has Arbitrary Document Reading within the Publishing Service
Critical
CVE-2026-33669
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 25, 2026
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse
Critical
GHSA-5wr9-m6jw-xx44
was published
for
scriban
(NuGet)
Mar 24, 2026
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
Critical
CVE-2026-30849
was published
for
mantisbt/mantisbt
(Composer)
Mar 23, 2026
Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow
Critical
GHSA-f67f-hcr6-94mf
was published
for
SHAdd0WTAka/Zen-Ai-Pentest
(GitHub Actions)
Mar 20, 2026
AVideo has Unauthenticated SSRF via plugin/Live/test.php
Critical
CVE-2026-33502
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
ProTip!
Advisories are also available from the
GraphQL API