GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,344 advisories
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical
CVE-2026-32633
was published
for
Glances
(pip)
Mar 16, 2026
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High
CVE-2026-32609
was published
for
Glances
(pip)
Mar 16, 2026
Glances exposes the REST API without authentication
High
CVE-2026-32596
was published
for
Glances
(pip)
Mar 16, 2026
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Moderate
CVE-2026-29066
was published
for
@tinacms/cli
(npm)
Mar 12, 2026
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause
Moderate
CVE-2026-32098
was published
for
parse-server
(npm)
Mar 12, 2026
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Moderate
CVE-2026-32094
was published
for
shescape
(npm)
Mar 11, 2026
Unauthorized access to Argo Workflows Template
High
CVE-2026-28229
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Mar 11, 2026
OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage
High
GHSA-rchv-x836-w7xp
was published
for
openclaw
(npm)
Mar 9, 2026
Glances Exposes Unauthenticated Configuration Secrets
High
CVE-2026-30928
was published
for
glances
(pip)
Mar 9, 2026
FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
High
CVE-2026-30933
was published
for
github.com/gtsteffaniak/filebrowser/backend
(Go)
Mar 9, 2026
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Critical
CVE-2026-30869
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 7, 2026
Caddy's vars_regexp double-expands user input, leaking env vars and files
Moderate
CVE-2026-30852
was published
for
github.com/caddyserver/caddy/v2/modules/caddyhttp
(Go)
Mar 6, 2026
ProTip!
Advisories are also available from the
GraphQL API