GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
Moderate
CVE-2026-48067
was published
for
filament/actions
(Composer)
Jun 11, 2026
Shopper: Authorization bypass and RBAC privilege escalation in team settings
Critical
CVE-2026-47744
was published
for
shopper/framework
(Composer)
Jun 5, 2026
Shopper: Multiple data integrity and disclosure issues in admin Livewire components
High
CVE-2026-47743
was published
for
shopper/framework
(Composer)
Jun 5, 2026
Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables
Moderate
CVE-2026-47745
was published
for
shopper/framework
(Composer)
Jun 5, 2026
Shopper: Missing authorization on Product admin Livewire sub-form components
Moderate
CVE-2026-47742
was published
for
shopper/framework
(Composer)
Jun 5, 2026
shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption
Moderate
CVE-2026-47741
was published
for
shopper/cart
(Composer)
May 18, 2026
shopper/framework: Authorization bypass in multiple Livewire admin components
High
CVE-2026-47740
was published
for
shopper/framework
(Composer)
May 18, 2026
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
High
CVE-2026-44692
was published
for
code16/sharp
(Composer)
May 15, 2026
ProTip!
Advisories are also available from the
GraphQL API