GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+

27,557 advisories

XSS in @leanprover/unicode-input-component
Low severity. CVE-2026-32732 was published for @leanprover/unicode-input-component (npm) on Mar 16, 2026

StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
Low severity. CVE-2026-32638 was published for studiocms (npm) on Mar 16, 2026

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High severity. CVE-2026-32634 was published for Glances (pip) on Mar 16, 2026

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical severity. CVE-2026-32633 was published for Glances (pip) on Mar 16, 2026

Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Moderate severity. CVE-2026-32632 was published for Glances (pip) on Mar 16, 2026

Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
High severity. CVE-2026-32611 was published for Glances (pip) on Mar 16, 2026

Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High severity. CVE-2026-32610 was published for Glances (pip) on Mar 16, 2026

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High severity. CVE-2026-32609 was published for Glances (pip) on Mar 16, 2026

Glances has a Command Injection via Process Names in Action Command Templates
High severity. CVE-2026-32608 was published for Glances (pip) on Mar 16, 2026

IncusOS has a LUKS encryption bypass due to insufficient TPM policy
High severity. CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) on Mar 16, 2026

Glances exposes the REST API without authentication
High severity. CVE-2026-32596 was published for Glances (pip) on Mar 16, 2026

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High severity. CVE-2026-28500 was published for onnx (pip) on Mar 16, 2026

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate severity. CVE-2026-28499 was published for leaf-kit (Swift) on Mar 16, 2026

pyOpenSSL DTLS cookie callback buffer overflow
High severity. CVE-2026-27459 was published for pyopenssl (pip) on Mar 16, 2026

Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter
High severity. CVE-2026-29112 was published for @dicebear/converter (npm) on Mar 16, 2026

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
High severity. CVE-2026-28498 was published for authlib (pip) on Mar 16, 2026

Mattermost fails to validate user's authentication method when processing account auth type switch
Low severity. CVE-2026-22545 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to properly enforce read permissions in search API endpoints
Moderate severity. CVE-2026-24692 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
Moderate severity. CVE-2026-2455 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Vanna has a SQL injection in the remove_training_data function
Moderate severity. CVE-2026-4229 was published for vanna (pip) on Mar 16, 2026

Mattermost fails to use consistent error responses when handling the /mute command
Moderate severity. CVE-2026-21386 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to validate team-specific upload_file permissions
Moderate severity. CVE-2026-4265 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Aureus ERP vulnerable to cross-site scripting in the Chatter Message Handler
Moderate severity. CVE-2026-4175 was published for aureuserp/aureuserp (Composer) on Mar 16, 2026

Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values
High severity. CVE-2026-2476 was published for github.com/mattermost/mattermost-plugin-msteams (Go) on Mar 16, 2026

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
Moderate severity. CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

ProTip! Advisories are also available from the GraphQL API