Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,268 advisories

Loading
chdanielmueller Credited to chdanielmueller
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption High
CVE-2026-53517 was published for @better-auth/oauth-provider (npm) Jul 7, 2026
chdanielmueller Credited to chdanielmueller
mkdir: -m exposes directory with umask perms before chmod (race window) Low
CVE-2026-35353 was published for uu_mkdir (Rust) Jul 6, 2026
goshs: Share-link ?token=… redemption races past download limit Moderate
CVE-2026-50139 was published for goshs.de/goshs/v2 (Go) Jul 1, 2026
black-shadow-007 Credited to black-shadow-007
SurrealDB: HTTP RPC Session Race Condition Allows Privilege Escalation High
GHSA-4vgr-h27g-cf9p was published for surrealdb (Rust) Jul 1, 2026
addcontent Credited to addcontent
Paymenter has race condition in payWithCredit() that enables credit double-spend Moderate
CVE-2026-55219 was published for paymenter/paymenter (Composer) Jun 30, 2026
debibobo Credited to debibobo and CorwinDev CorwinDev CorwinDev
Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission High
CVE-2026-48505 was published for filament/filament (Composer) Jun 25, 2026
StarPlatinu Credited to StarPlatinu and danharrin danharrin danharrin
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination High
CVE-2026-48708 was published for github.com/OliveTin/OliveTin (Go) Jun 24, 2026
knight-yagami Credited to knight-yagami
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution Moderate
CVE-2026-54778 was published for CoreWCF.UnixDomainSocket (NuGet) Jun 19, 2026
ProTip! Advisories are also available from the GraphQL API