GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,334 advisories
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
High
CVE-2026-33981
was published
for
changedetection.io
(pip)
Mar 27, 2026
Apollo Router Core: Browser Bug Enables Bypass of XS-Search Prevention via Read-Only Cross-Site Request Forgery
Moderate
GHSA-hff2-gcpx-8f4p
was published
for
apollo-router
(Rust)
Mar 26, 2026
Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention
Moderate
GHSA-9q82-xgwf-vj6h
was published
for
@apollo/server
(npm)
Mar 26, 2026
OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate
GHSA-ppwq-6v66-5m6j
was published
for
openclaw
(npm)
Mar 26, 2026
Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields
Moderate
CVE-2026-33886
was published
for
statamic/cms
(Composer)
Mar 26, 2026
Statamic's Markdown preview endpoint exposes sensitive user data
Moderate
CVE-2026-33882
was published
for
statamic/cms
(Composer)
Mar 26, 2026
AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
Moderate
CVE-2026-33761
was published
for
wwbn/avideo
(Composer)
Mar 26, 2026
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Low
GHSA-44px-qjjc-xrhq
was published
for
craftcms/cms
(Composer)
Mar 26, 2026
Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Moderate
CVE-2026-33677
was published
for
code.vikunja.io/api
(Go)
Mar 25, 2026
Parse Server exposes auth data via /users/me endpoint
High
CVE-2026-33627
was published
for
parse-server
(npm)
Mar 24, 2026
Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users
Low
CVE-2026-33161
was published
for
craftcms/cms
(Composer)
Mar 24, 2026
ProTip!
Advisories are also available from the
GraphQL API