GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
445 advisories
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Critical
GHSA-fq2j-j8hc-8vw8
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 17, 2026
File Browser Signup Grants Admin When Default Permissions Include Admin
Critical
CVE-2026-32760
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 16, 2026
Winter vulnerable to privilege escalation by authenticated backend users
Critical
CVE-2026-27591
was published
for
winter/wn-backend-module
(Composer)
Mar 12, 2026
Parse Server has role escalation and CLP bypass via direct `_Join` table write
Critical
CVE-2026-30966
was published
for
parse-server
(npm)
Mar 11, 2026
WeKnora Vulnerable to Broken Access Control in Tenant Management
Critical
CVE-2026-30855
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Critical
CVE-2026-29188
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 4, 2026
Bypassing Kyverno Policies via Double Policy Exceptions
Critical
GHSA-gg4x-fgg2-h9w9
was published
for
github.com/kyverno/kyverno
(Go)
Jan 6, 2026
ProTip!
Advisories are also available from the
GraphQL API