Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

151 advisories

Loading
Craft CMS's mass assignment via id in newAttributes during bulk duplicate overwrites existing elements High
CVE-2026-50281 was published for craftcms/cms (Composer) Jul 2, 2026
adrgs Credited to adrgs
jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields Moderate
CVE-2026-54516 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar
jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties Moderate
CVE-2026-54515 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar, pjfanning, snieguu, and ataillefer pjfanning pjfanning
snieguu snieguu ataillefer ataillefer
Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override High
CVE-2026-54351 was published for @budibase/server (npm) Jun 22, 2026
offset Credited to offset
flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key High
CVE-2026-55091 was published for flat-to-nested (npm) Jun 19, 2026
moizxsec Credited to moizxsec
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign Critical
CVE-2026-48150 was published for @budibase/server (npm) Jun 12, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
ibondarenko1 Credited to ibondarenko1
berkdedekarginoglu Credited to berkdedekarginoglu
Drupal core allows Object Injection Moderate
CVE-2026-6366 was published for drupal/core (Composer) May 20, 2026
yantongggg Credited to yantongggg
amwhoi Credited to amwhoi
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover High
CVE-2026-46480 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover High
CVE-2026-46479 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover High
CVE-2026-46478 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover High
CVE-2026-46477 was published for flowise (npm) May 14, 2026
offset Credited to offset
offset Credited to offset
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover High
CVE-2026-46475 was published for flowise (npm) May 14, 2026
offset Credited to offset
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
berkdedekarginoglu Credited to berkdedekarginoglu
ProTip! Advisories are also available from the GraphQL API