GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27,905 advisories
OpenFGA has an Authorization Bypass through cached keys
Moderate
CVE-2026-33729
was published
for
github.com/openfga/openfga
(Go)
Mar 26, 2026
ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction
Moderate
CVE-2026-33535
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 26, 2026
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Low
GHSA-44px-qjjc-xrhq
was published
for
craftcms/cms
(Composer)
Mar 26, 2026
Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR
Critical
GHSA-2pv8-4c52-mf8j
was published
for
code.vikunja.io/api
(Go)
Mar 26, 2026
srvx is vulnerable to middleware bypass via absolute URI in request line
Moderate
CVE-2026-33732
was published
for
srvx
(npm)
Mar 26, 2026
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Moderate
CVE-2026-33726
was published
for
github.com/cilium/cilium
(Go)
Mar 26, 2026
n8n has SQL Injection in Data Table Node via orderByColumn Expression
High
CVE-2026-33713
was published
for
n8n
(npm)
Mar 26, 2026
n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
Critical
CVE-2026-33696
was published
for
n8n
(npm)
Mar 26, 2026
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
Low
CVE-2026-4874
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 26, 2026
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
High
CVE-2026-33744
was published
for
bentoml
(pip)
Mar 26, 2026
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Moderate
CVE-2026-33724
was published
for
n8n
(npm)
Mar 25, 2026
Saloon has a Fixture Name Path Traversal Vulnerability
Moderate
CVE-2026-33183
was published
for
saloonphp/saloon
(Composer)
Mar 25, 2026
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Moderate
CVE-2026-33182
was published
for
saloonphp/saloon
(Composer)
Mar 25, 2026
n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK
Moderate
CVE-2026-33720
was published
for
n8n
(npm)
Mar 25, 2026
AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter
High
CVE-2026-33723
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High
CVE-2026-33719
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
OpenHands is Vulnerable to Command Injection through its Git Diff Handler
High
CVE-2026-33718
was published
for
openhands
(pip)
Mar 25, 2026
ProTip!
Advisories are also available from the
GraphQL API