GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
838 advisories
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Moderate
CVE-2026-47230
was published
for
admidio/admidio
(Composer)
May 29, 2026
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Moderate
CVE-2026-47227
was published
for
admidio/admidio
(Composer)
May 29, 2026
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Moderate
CVE-2026-47226
was published
for
admidio/admidio
(Composer)
May 29, 2026
MantisBT Has Authorization Bypass in Global Profile Creation
Moderate
CVE-2026-33052
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
Open WebUI has an Indirect Object Reference (IDOR) in user notes
Moderate
CVE-2026-45666
was published
for
open-webui
(pip)
May 14, 2026
OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Moderate
CVE-2026-45002
was published
for
openclaw
(npm)
Apr 25, 2026
ProTip!
Advisories are also available from the
GraphQL API