Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen Credited to geo-chen
Stored XSS in REDAXO Moderate
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
geo-chen Credited to geo-chen
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen Credited to geo-chen
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen Credited to geo-chen
NocoDB: SQL Injection via Column Title in Bulk GroupBy Moderate
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
geo-chen Credited to geo-chen
Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution High
GHSA-f989-c77f-r2cq was published for crawl4ai (pip) Jun 16, 2026
geo-chen Credited to geo-chen
Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check High
CVE-2026-53755 was published for crawl4ai (pip) Jun 16, 2026
geo-chen Credited to geo-chen
EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id High
GHSA-c795-2g9c-j48m was published for everos (pip) Jun 19, 2026
geo-chen Credited to geo-chen
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field Moderate
GHSA-h4h3-3rfj-x6fq was published for surrealdb (Rust) Jun 19, 2026
geo-chen Credited to geo-chen
Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources Moderate
CVE-2026-49288 was published for statamic/cms (Composer) Jun 26, 2026
offset Credited to offset, Eszh, and geo-chen Eszh Eszh
geo-chen geo-chen
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl High
CVE-2026-54641 was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
geo-chen Credited to geo-chen
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon Moderate
CVE-2026-54068 was published for github.com/siyuan-note/siyuan/kernel (Go) Jul 10, 2026
geo-chen Credited to geo-chen
ProTip! Advisories are also available from the GraphQL API