Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
Gogs: LFS dedupe path leaks private repo content across tenants High
CVE-2026-52812 was published for gogs.io/gogs (Go) Jun 23, 2026
amwhoi Credited to amwhoi
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym Critical
CVE-2026-52811 was published for gogs.io/gogs (Go) Jun 23, 2026
amwhoi Credited to amwhoi
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns High
CVE-2026-53853 was published for openclaw (npm) Jun 18, 2026
amwhoi Credited to amwhoi
Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename High
CVE-2026-44829 was published for github.com/gotenberg/gotenberg/v8 (Go) May 29, 2026
amwhoi Credited to amwhoi
electerm's encrypt method not safe enough Moderate
CVE-2026-45787 was published for electerm (npm) May 14, 2026
amwhoi Credited to amwhoi
Electerm Local code through electerm's single-instance socket Critical
CVE-2026-45353 was published for electerm (npm) May 14, 2026
amwhoi Credited to amwhoi
amwhoi Credited to amwhoi
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection Critical
CVE-2026-44336 was published for PraisonAI (pip) May 11, 2026
amwhoi Credited to amwhoi
SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) Critical
CVE-2026-44588 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026
amwhoi Credited to amwhoi
Electerm users can run dangrous code through link or command line Critical
CVE-2026-43944 was published for electerm (npm) May 8, 2026
amwhoi Credited to amwhoi
SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE Critical
CVE-2026-44670 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026
amwhoi Credited to amwhoi
ProTip! Advisories are also available from the GraphQL API