GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Moderate
CVE-2026-31832
was published
for
Umbraco.Cms
(NuGet)
Mar 11, 2026
Gogs: DOM-based XSS via milestone selection
High
CVE-2026-26276
was published
for
gogs.io/gogs
(Go)
Mar 5, 2026
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher
Moderate
CVE-2026-27898
was published
for
vaultwarden
(Rust)
Mar 4, 2026
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
High
CVE-2026-27803
was published
for
vaultwarden
(Rust)
Mar 4, 2026
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
High
CVE-2026-27802
was published
for
vaultwarden
(Rust)
Mar 4, 2026
Gogs has arbitrary file read/write via Path Traversal in Git hook editing
Moderate
CVE-2026-23633
was published
for
gogs.io/gogs
(Go)
Feb 6, 2026
Gogs user can update repository content with read-only permission
Moderate
CVE-2026-23632
was published
for
gogs.io/gogs
(Go)
Feb 6, 2026
Ghost has SQL Injection in Members Activity Feed
Moderate
CVE-2026-22596
was published
for
ghost
(npm)
Jan 8, 2026
Ghost has SSRF via External Media Inliner
Moderate
CVE-2026-22597
was published
for
ghost
(npm)
Jan 8, 2026
Ghost has Staff Token permission bypass
High
CVE-2026-22595
was published
for
ghost
(npm)
Jan 8, 2026
jinjava has Sandbox Bypass via JavaType-Based Deserialization
Critical
CVE-2025-59340
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Sep 17, 2025
ProTip!
Advisories are also available from the
GraphQL API