Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

34 advisories

Loading
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE Critical
CVE-2026-53633 was published for @vitest/browser (npm) Jun 15, 2026
OpenStack Mistral allows Arbitrary Remote Code Execution when the API is exposed Critical
CVE-2026-41283 was published for mistral (pip) Jun 4, 2026
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object Critical
CVE-2026-30957 was published for @oneuptime/common (npm) Mar 10, 2026
maru1009 Credited to maru1009
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object Critical
CVE-2026-30921 was published for @oneuptime/common (npm) Mar 7, 2026
maru1009 Credited to maru1009
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise Critical
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
0x1f Credited to 0x1f and cookesan cookesan cookesan
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution... Critical Unreviewed
CVE-2023-51583 was published May 3, 2024
LangChain Experimental vulnerable to arbitrary code execution Critical
CVE-2024-27444 was published for langchain-experimental (pip) Feb 26, 2024
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg Credited to leon-vg
ProTip! Advisories are also available from the GraphQL API