GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
High
CVE-2026-26278
was published
for
fast-xml-parser
(npm)
Feb 17, 2026
Dagu affected by unauthenticated RCE via inline DAG spec in default configuration
Critical
GHSA-6qr9-g2xw-cw92
was published
for
github.com/dagu-org/dagu
(Go)
Feb 19, 2026
OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE
Critical
CVE-2026-27574
was published
for
@oneuptime/common
(npm)
Feb 24, 2026
Isso affected by Stored XSS via comment website field
Moderate
CVE-2026-27469
was published
for
isso
(pip)
Feb 24, 2026
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Critical
CVE-2026-27614
was published
for
bugsink
(pip)
Feb 25, 2026
OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
Critical
CVE-2026-27626
was published
for
github.com/OliveTin/OliveTin
(Go)
Feb 25, 2026
Parse Dashboard has incomplete authentication on AI Agent endpoint
Critical
CVE-2026-27595
was published
for
parse-dashboard
(npm)
Feb 25, 2026
Parse Dashboard is Missing Authorization for its Agent Endpoint
Critical
CVE-2026-27608
was published
for
parse-dashboard
(npm)
Feb 25, 2026
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
Moderate
CVE-2026-27835
was published
for
wger
(pip)
Feb 26, 2026
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Low
CVE-2026-27838
was published
for
wger
(pip)
Feb 26, 2026
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
Moderate
CVE-2026-27839
was published
for
wger
(pip)
Feb 26, 2026
ProTip!
Advisories are also available from the
GraphQL API