Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2 advisories

Loading
@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens High
CVE-2026-49229 was published for @actual-app/sync-server (npm) Jun 22, 2026
pyuysig Credited to pyuysig and MatissJanis MatissJanis MatissJanis
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers High
CVE-2026-33318 was published for @actual-app/sync-server (npm) Apr 23, 2026
Rex50527 Credited to Rex50527 and MatissJanis MatissJanis MatissJanis
ProTip! Advisories are also available from the GraphQL API