GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
3,377 advisories
TYPO3 sf_register extension allows unauthorized assignment of frontend user groups
Moderate
CVE-2026-46721
was published
for
evoweb/sf-register
(Composer)
May 19, 2026
TYPO3 ke_search path traversal due to lack of normalization on config directory from file indexer
Moderate
CVE-2026-46724
was published
for
tpwd/ke_search
(Composer)
May 19, 2026
TYPO3 ke_search XML External Entity Injection
Moderate
CVE-2026-46722
was published
for
tpwd/ke_search
(Composer)
May 19, 2026
TYPO3 ke_search path traversal from arbitrary table configuration input
Moderate
CVE-2026-46723
was published
for
tpwd/ke_search
(Composer)
May 19, 2026
Statamic Vulnerable to CSV formula injection in form submission exports
Moderate
CVE-2026-54243
was published
for
statamic/cms
(Composer)
Jun 26, 2026
Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding)
Moderate
CVE-2026-54242
was published
for
statamic/cms
(Composer)
Jun 26, 2026
Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
Moderate
CVE-2026-49288
was published
for
statamic/cms
(Composer)
Jun 26, 2026
CakePHP: View::element() is missing a path containment check
Moderate
CVE-2026-48820
was published
for
cakephp/cakephp
(Composer)
Jun 26, 2026
Pterodactyl Panel: Client email change endpoint allows enumeration of accounts in system
Moderate
GHSA-j7f5-gfqm-pcx3
was published
for
pterodactyl/panel
(Composer)
Jun 26, 2026
Snipe-IT Vulnerable to Privilege Escalation via Missing admin Permission Check in User Creation
Moderate
CVE-2026-55483
was published
for
snipe/snipe-it
(Composer)
Jun 23, 2026
Snipe-IT has Multi-Tenancy Bypass via Bulk Asset Update
Moderate
CVE-2026-55482
was published
for
snipe/snipe-it
(Composer)
Jun 23, 2026
ProTip!
Advisories are also available from the
GraphQL API