Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26 advisories

Loading
AgenticMail: Cross-agent task authorization bypass in AgenticMail API High
GHSA-hjwc-26pj-v3pm was published for @agenticmail/api (npm) Jun 18, 2026
YHalo-wyh Credited to YHalo-wyh
whrit Credited to whrit
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints High
CVE-2026-45732 was published for n8n (npm) May 14, 2026
nkoorty Credited to nkoorty and jjjutla jjjutla jjjutla
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
DeathsPirate Credited to DeathsPirate
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
Directus: Path Traversal and Broken Access Control in File Management API High
CVE-2026-39942 was published for directus (npm) Apr 4, 2026
r3dpower Credited to r3dpower, pmins99, and odgrso pmins99 pmins99
odgrso odgrso
OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility High
GHSA-q2qc-744p-66r2 was published for openclaw (npm) Mar 29, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
tr4ce-ju Credited to tr4ce-ju
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service High
CVE-2026-30945 was published for studiocms (npm) Mar 11, 2026
FilipeGaudard Credited to FilipeGaudard and Adammatthiesen Adammatthiesen Adammatthiesen
StudioCMS has Privilege Escalation via Insecure API Token Generation High
CVE-2026-30944 was published for studiocms (npm) Mar 10, 2026
FilipeGaudard Credited to FilipeGaudard and Adammatthiesen Adammatthiesen Adammatthiesen
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding High
CVE-2026-30920 was published for @oneuptime/common (npm) Mar 9, 2026
maru1009 Credited to maru1009
berkdedekarginoglu Credited to berkdedekarginoglu
OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From High
GHSA-2ch6-x3g4-7759 was published for openclaw (npm) Mar 3, 2026
jiseoung Credited to jiseoung
vincentkoc Credited to vincentkoc
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing High
GHSA-hv93-r4j3-q65f was published for openclaw (npm) Feb 17, 2026
alpernae Credited to alpernae
Better Auth Passkey Plugin allows passkey deletion through IDOR High
GHSA-4vcf-q4xf-f48m was published for @better-auth/passkey (npm) Nov 25, 2025
goksan Credited to goksan
Strapi Allows Unauthorized Access to Private Fields via parms.lookup High
CVE-2024-56143 was published for @strapi/core (npm) Oct 16, 2025
Boegie19 Credited to Boegie19, alexandrebodin, and derrickmehaffy alexandrebodin alexandrebodin
derrickmehaffy derrickmehaffy
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation High
CVE-2024-29194 was published for @oneuptime/common-server (npm) Mar 25, 2024
saunders-jake Credited to saunders-jake
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
ProTip! Advisories are also available from the GraphQL API