GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

521 advisories

Open WebUI has inconsistent authorization controls within memories API
Severity: High
CVE-2026-44570 was published for open-webui (pip) May 11, 2026

Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
Severity: High
CVE-2026-40981 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 7, 2026
Credited to scottfrederick

Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
Severity: High
CVE-2026-44504 was published for aegra-api (pip) May 7, 2026
Credited to victorjmarin

Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Severity: High
CVE-2026-42609 was published for getgrav/grav (Composer) May 5, 2026
Credited to AnhNg1410, xIllunight

Neko has a Self-service Privilege Escalation for Authenticated Users
Severity: High
CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026
Credited to blitzkrieg-patch, DeathsPirate, berkdedekarginoglu

Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog in My Calendar
Severity: High
CVE-2026-40308 was published for joedolson/my-calendar (Composer) Apr 16, 2026
Credited to minhi1