GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
552 advisories
Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
Critical
GHSA-rmpj-3x5m-9m5f
was published
for
admidio/admidio
(Composer)
Mar 16, 2026
Winter vulnerable to privilege escalation by authenticated backend users
Critical
CVE-2026-27591
was published
for
winter/wn-backend-module
(Composer)
Mar 12, 2026
WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php
Critical
CVE-2026-29058
was published
for
wwbn/avideo
(Composer)
Mar 3, 2026
Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Critical
CVE-2026-28508
was published
for
idno/known
(Composer)
Mar 2, 2026
LibreNMS Information Disclosure
Critical
CVE-2019-10665
was published
for
librenms/librenms
(Composer)
May 24, 2022
AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction
Critical
CVE-2026-28502
was published
for
wwbn/avideo
(Composer)
Mar 2, 2026
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Critical
CVE-2026-28501
was published
for
wwbn/avideo
(Composer)
Mar 2, 2026
Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates
Critical
CVE-2026-28697
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Critical
CVE-2026-26279
was published
for
froxlor/froxlor
(Composer)
Mar 3, 2026
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
Critical
CVE-2026-27012
was published
for
devcode-it/openstamanager
(Composer)
Mar 3, 2026
Statamic is vulnerable to account takeover via password reset link injection
Critical
CVE-2026-27593
was published
for
statamic/cms
(Composer)
Feb 24, 2026
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Critical
CVE-2025-49113
was published
for
roundcube/roundcubemail
(Composer)
Jun 2, 2025
Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Critical
CVE-2026-26016
was published
for
pterodactyl/panel
(Composer)
Feb 17, 2026
Known affected by Account Takeover via Password Reset Token Leakage
Critical
CVE-2026-26273
was published
for
idno/known
(Composer)
Feb 13, 2026
OpenSTAManager has an OS Command Injection in P7M File Processing
Critical
CVE-2025-69212
was published
for
devcode-it/openstamanager
(Composer)
Feb 6, 2026
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical
CVE-2026-25510
was published
for
ci4-cms-erp/ci4ms
(Composer)
Feb 2, 2026
Laravel Redis Horizontal Scaling Insecure Deserialization
Critical
CVE-2026-23524
was published
for
laravel/reverb
(Composer)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API