Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Vikunja has File Size Limit Bypass via Vikunja Import Moderate
CVE-2026-35602 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output Moderate
CVE-2026-35601 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has HTML Injection via Task Titles in Overdue Email Notifications Moderate
CVE-2026-35600 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler Moderate
CVE-2026-35599 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja Missing Authorization on CalDAV Task Read Moderate
CVE-2026-35598 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout Moderate
CVE-2026-35597 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug Moderate
CVE-2026-35596 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php Moderate
CVE-2026-35452 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php Moderate
CVE-2026-35450 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php Moderate
CVE-2026-35449 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php Moderate
CVE-2026-35181 was published for wwbn/avideo (Composer) Apr 3, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php Moderate
CVE-2026-35179 was published for wwbn/avideo (Composer) Apr 3, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin Moderate
GHSA-gmpc-fxg2-vcmq was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation Moderate
CVE-2026-34740 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php Moderate
CVE-2026-34739 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter Moderate
CVE-2026-34738 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug Moderate
CVE-2026-34737 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard Moderate
CVE-2026-34733 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints Moderate
CVE-2026-34732 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification Moderate
CVE-2026-34716 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins Moderate
CVE-2026-34613 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users Moderate
CVE-2026-34611 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel Moderate
CVE-2026-34396 was published for wwbn/avideo (Composer) Mar 31, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php Moderate
CVE-2026-34395 was published for wwbn/avideo (Composer) Mar 31, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands Moderate
CVE-2026-29772 was published for @astrojs/node (npm) Mar 24, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database