GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
838 advisories
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Moderate
CVE-2026-47230
was published
for
admidio/admidio
(Composer)
May 29, 2026
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Moderate
CVE-2026-47227
was published
for
admidio/admidio
(Composer)
May 29, 2026
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Moderate
CVE-2026-47226
was published
for
admidio/admidio
(Composer)
May 29, 2026
Open WebUI has an Indirect Object Reference (IDOR) in user notes
Moderate
CVE-2026-45666
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
Moderate
CVE-2026-45386
was published
for
open-webui
(pip)
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API