GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
High
CVE-2026-45398
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
Moderate
CVE-2026-45365
was published
for
open-webui
(pip)
May 14, 2026
Spinnaker: RCE via expression parsing due to unrestricted context handling
Critical
CVE-2026-32613
was published
for
io.spinnaker.echo:echo-pipelinetriggers
(Maven)
Apr 21, 2026
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Critical
CVE-2026-32604
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo
(Maven)
Apr 21, 2026
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access
High
CVE-2026-28458
was published
for
moltbot
(npm)
Feb 17, 2026
Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Moderate
CVE-2026-25492
was published
for
craftcms/craft
(Composer)
Feb 9, 2026
ProTip!
Advisories are also available from the
GraphQL API