GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7,010 advisories
Apollo Router Core: Browser Bug Enables Bypass of XS-Search Prevention via Read-Only Cross-Site Request Forgery
Moderate
GHSA-hff2-gcpx-8f4p
was published
for
apollo-router
(Rust)
Mar 26, 2026
Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention
Moderate
GHSA-9q82-xgwf-vj6h
was published
for
@apollo/server
(npm)
Mar 26, 2026
OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate
GHSA-ppwq-6v66-5m6j
was published
for
openclaw
(npm)
Mar 26, 2026
Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields
Moderate
CVE-2026-33886
was published
for
statamic/cms
(Composer)
Mar 26, 2026
Statamic's Markdown preview endpoint exposes sensitive user data
Moderate
CVE-2026-33882
was published
for
statamic/cms
(Composer)
Mar 26, 2026
AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
Moderate
CVE-2026-33761
was published
for
wwbn/avideo
(Composer)
Mar 26, 2026
Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Moderate
CVE-2026-33677
was published
for
code.vikunja.io/api
(Go)
Mar 25, 2026
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Moderate
CVE-2026-27131
was published
for
putyourlightson/craft-sprig
(Composer)
Mar 23, 2026
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Moderate
CVE-2026-33041
was published
for
wwbn/avideo
(Composer)
Mar 17, 2026
Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Moderate
CVE-2026-32265
was published
for
craftcms/aws-s3
(Composer)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API