Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,652 advisories

Loading
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers Critical
CVE-2026-53552 was published for github.com/zhenorzz/goploy (Go) Jul 7, 2026
tonghuaroot Credited to tonghuaroot
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers High
GHSA-j8v8-g9cx-5qf4 was published for @better-auth/scim (npm) Jul 7, 2026
Jvr2022 Credited to Jvr2022
EGroupware has a Remote Code Execution Vulnerability Critical
CVE-2026-27823 was published for egroupware/egroupware (Composer) Jul 7, 2026
realalphaman Credited to realalphaman
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID High
CVE-2026-55429 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl High
CVE-2026-54641 was published for io.openremote:openremote-manager (Maven) Jul 6, 2026
geo-chen Credited to geo-chen
ProTip! Advisories are also available from the GraphQL API