GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
Severity: High
CVE-2026-30932 was published for froxlor/froxlor (Composer) Mar 24, 2026
Credited to q1uf3ng

Craft CMS vulnerable to behavior injection RCE via EntryTypesController
Severity: High
CVE-2026-32263 was published for craftcms/cms (Composer) Mar 16, 2026
Credited to q1uf3ng

AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs
Severity: High
GHSA-93fx-5qgc-wr38 was published for azuracast/azuracast (Composer) Mar 9, 2026
Credited to q1uf3ng

Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint
Severity: High
CVE-2026-29178 was published for lemmy_routes (Rust) Mar 4, 2026
Credited to q1uf3ng

NocoDB Vulnerable to SQL Injection via DATEADD Formula
Severity: Moderate
CVE-2026-28399 was published for nocodb (npm) Mar 3, 2026
Credited to q1uf3ng

BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Severity: High
CVE-2026-27905 was published for bentoml (pip) Mar 3, 2026
Credited to q1uf3ng

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
Severity: Moderate
CVE-2026-27638 was published for @actual-app/sync-server (npm) Feb 27, 2026
Credited to q1uf3ng

Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
Severity: High
CVE-2026-3105 was published for mautic/core (Composer) Feb 25, 2026
Credited to q1uf3ng, patrykgruszka, and escopecz

Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Severity: Moderate
CVE-2026-27461 was published for pimcore/pimcore (Composer) Feb 24, 2026
Credited to q1uf3ng