Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131,736 advisories

Loading
ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization High
GHSA-x8mg-6r4p-87pf was published for com.arcadedb:arcadedb-server (Maven) Jul 16, 2026
ArcadeDB: Scripting authorization gate (GHSA-48qw-824m-86pr) bypassed via SQL DEFINE FUNCTION ... LANGUAGE js High
GHSA-vwjc-v7x7-cm6g was published for com.arcadedb:arcadedb-engine (Maven) Jul 16, 2026
ArcadeDB: Trigger scripts run with java.lang.* allowed, enabling OS command execution (RCE) High
GHSA-x9f9-r4m8-9xc2 was published for com.arcadedb:arcadedb-engine (Maven) Jul 16, 2026
MCP Python SDK: WebSocket server transport does not support Host/Origin validation High
CVE-2026-59950 was published for mcp (pip) Jul 16, 2026
nitish-yaddala Credited to nitish-yaddala, Nadav0077, dodge1218, gistrec, and u-ktdi Nadav0077 Nadav0077
dodge1218 dodge1218 gistrec gistrec u-ktdi u-ktdi
ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read High
GHSA-48qw-824m-86pr was published for com.arcadedb:arcadedb-server (Maven) Jul 16, 2026
kyojune76 Credited to kyojune76
sondt99 Credited to sondt99
ProTip! Advisories are also available from the GraphQL API