GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
16,336 advisories
OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Critical
GHSA-2wvh-87g2-89hr
was published
for
openc3
(RubyGems)
Apr 23, 2026
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
Critical
GHSA-v529-vhwc-wfc5
was published
for
openc3
(RubyGems)
Apr 23, 2026
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate
GHSA-ffq5-qpvf-xq7x
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Moderate
GHSA-4jvx-93h3-f45h
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
High
GHSA-wgx6-g857-jjf7
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
Moderate
CVE-2026-41511
was published
for
OpenMcdf
(NuGet)
Apr 22, 2026
Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
High
GHSA-r466-rxw4-3j9j
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Critical
GHSA-j5w5-568x-rq53
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Moderate
GHSA-2cjr-5v3h-v2w4
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
justhtml has sanitization bypass in custom policies and programmatic DOM
Moderate
GHSA-vrx2-77f2-ww34
was published
for
justhtml
(pip)
Apr 22, 2026
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
Moderate
GHSA-w5hq-g745-h8pq
was published
for
uuid
(npm)
Apr 22, 2026
MCPHub has Path Traversal via Malicious MCPB Manifest Name
High
GHSA-p3h2-2j4p-p83g
was published
for
@samanhappy/mcphub
(npm)
Apr 22, 2026
Gitea has insecure default SSH settings
Moderate
GHSA-3m6q-h5gj-7mrw
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2026
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Moderate
GHSA-xjvc-pw2r-6878
was published
for
flarum/core
(Composer)
Apr 22, 2026
ProTip!
Advisories are also available from the
GraphQL API