Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,716 advisories

Loading
Lechu69 Credited to Lechu69
Sylius: Channel-based payment method restriction bypass on shop account orders API endpoint Moderate
CVE-2026-53638 was published for sylius/sylius (Composer) Jul 9, 2026
FredrikEV Credited to FredrikEV
tarryGrain0 Credited to tarryGrain0 and Paul-Bob Paul-Bob Paul-Bob
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion Moderate
GHSA-f66q-9rf6-8795 was published for Flask-Security-Too (pip) Jul 7, 2026
tonghuaroot Credited to tonghuaroot
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers Critical
CVE-2026-53552 was published for github.com/zhenorzz/goploy (Go) Jul 7, 2026
tonghuaroot Credited to tonghuaroot
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators Moderate
GHSA-p2fr-6hmx-4528 was published for @better-auth/oauth-provider (npm) Jul 7, 2026
dvanmali Credited to dvanmali
ProTip! Advisories are also available from the GraphQL API