GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates
Moderate
GHSA-vrqv-52x7-rm4v
was published
for
kimai/kimai
(Composer)
May 6, 2026
CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Critical
CVE-2026-41203
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 22, 2026
CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
Critical
CVE-2026-41202
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 22, 2026
AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
Moderate
CVE-2026-33297
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php
Low
CVE-2026-33296
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php
High
CVE-2026-33295
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
AVideo has Unauthenticated PGP Message Decryption via Public Endpoint
Moderate
GHSA-5x2w-37xf-7962
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
ProTip!
Advisories are also available from the
GraphQL API