Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

421 advisories

Loading
Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode High
CVE-2026-54629 was published for github.com/julien040/anyquery (Go) Jul 14, 2026
Metincloup Credited to Metincloup
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF)... Moderate Unreviewed
CVE-2026-40564 was published May 26, 2026
Algernon: handler.lua discovery walks parent directories above the server root Critical
CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/ Moderate
GHSA-g39v-cvjh-8fpf was published for ha-mcp (pip) May 14, 2026
bharat Credited to bharat
Grafana: SQL Expressions Read File From Disk Moderate
CVE-2026-33380 was published for github.com/grafana/grafana (Go) May 13, 2026
Files or directories accessible to external parties in Microsoft Office Word allows an... Moderate Unreviewed
CVE-2026-35440 was published May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion... Critical Unreviewed
CVE-2026-31215 was published May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` High
CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening Moderate
GHSA-cqmh-pcgr-q42f was published for @axonflow/openclaw (npm) May 6, 2026
ProTip! Advisories are also available from the GraphQL API