Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,167 advisories

Loading
EGroupware Vulnerable to Local File Inclusion via file:// URI in Mail Compose Moderate
CVE-2026-45016 was published for egroupware/egroupware (Composer) Jul 7, 2026
smitocaru Credited to smitocaru
EGroupware has Authenticated RCE via Malicious eTemplate Upload High
CVE-2026-40187 was published for egroupware/egroupware (Composer) Jul 7, 2026
dapickle Credited to dapickle
EGroupware has a Remote Code Execution Vulnerability Critical
CVE-2026-27823 was published for egroupware/egroupware (Composer) Jul 7, 2026
realalphaman Credited to realalphaman
Craft CMS: Potential authenticated Remote Code Execution via referrer redirect High
CVE-2026-55794 was published for craftcms/cms (Composer) Jul 6, 2026
Craft CMS: Stored XSS via Structure entry title in table view Moderate
CVE-2026-55793 was published for craftcms/cms (Composer) Jul 6, 2026
Crypto-Cat Credited to Crypto-Cat
Craft CMS: Sensitive File Disclosure / Server-Side File Read Moderate
CVE-2026-55792 was published for craftcms/cms (Composer) Jul 6, 2026
smakarim Credited to smakarim
Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget High
CVE-2026-55790 was published for craftcms/cms (Composer) Jul 6, 2026
Crypto-Cat Credited to Crypto-Cat
Susen2 Credited to Susen2
Formie Hidden field defaults vulnerable to Server-Side Template Injection Critical
CVE-2026-52889 was published for verbb/formie (Composer) Jul 6, 2026
Kimai Favorite Timesheet Add and Remove Endpoints Allows Cross-User Bookmark Manipulation Low
GHSA-j5mc-p8qg-39j7 was published for kimai/kimai (Composer) Jul 2, 2026
Mitchell45 Credited to Mitchell45
SimpleSAMLphp has Possible DoS via XPath Transform High
CVE-2026-49289 was published for simplesamlphp/saml2 (Composer) Jul 2, 2026
ahacker1-securesaml Credited to ahacker1-securesaml
SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass High
CVE-2026-49283 was published for simplesamlphp/saml2 (Composer) Jul 2, 2026
kamil-sawicki Credited to kamil-sawicki
Craft CMS Vulnerable to Unauthorized Deletion of Destination Folders During Forced Moves High
CVE-2026-50282 was published for craftcms/cms (Composer) Jul 2, 2026
davidbors-snyk Credited to davidbors-snyk and cataliniovita-snyk cataliniovita-snyk cataliniovita-snyk
Craft CMS's mass assignment via id in newAttributes during bulk duplicate overwrites existing elements High
CVE-2026-50281 was published for craftcms/cms (Composer) Jul 2, 2026
adrgs Credited to adrgs
Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector Moderate
CVE-2026-9811 was published for mautic/core (Composer) Jul 2, 2026
pavelkohout396 Credited to pavelkohout396, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing escopecz escopecz
patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
Mautic has Stored Cross-Site Scripting (XSS) in Projects Component High
CVE-2026-9809 was published for mautic/core (Composer) Jul 2, 2026
34selen Credited to 34selen, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing escopecz escopecz
patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
Mautic has an Authorization Bypass in API v2 Endpoints High
CVE-2026-9808 was published for mautic/core (Composer) Jul 2, 2026
zerlyer Credited to zerlyer, pavelkohout396, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing pavelkohout396 pavelkohout396
escopecz escopecz patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
Mautic vulnerable to Path Traversal via Campaign Import Critical
CVE-2026-9559 was published for mautic/core (Composer) Jul 2, 2026
nglong05 Credited to nglong05, f3nrir77, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing f3nrir77 f3nrir77
escopecz escopecz patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
Mautic has Server-Side Template Injection (SSTI) in Theme Templates Critical
CVE-2026-9558 was published for mautic/core (Composer) Jul 2, 2026
onurcangnc Credited to onurcangnc, xfer0, Entropt, patrykgruszka, escopecz, LeuchtfeuerDigitalMarketing, and NumberOreo1 xfer0 xfer0
Entropt Entropt patrykgruszka patrykgruszka escopecz escopecz LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing NumberOreo1 NumberOreo1
Mautic Focus component Vulnerable to SSRF Moderate
CVE-2026-9557 was published for mautic/core (Composer) Jul 2, 2026
r1beirin Credited to r1beirin, patrykgruszka, dungNHVhust, and escopecz patrykgruszka patrykgruszka
dungNHVhust dungNHVhust escopecz escopecz
Mautic has SQL Injection in API Contact Filtering High
CVE-2026-4776 was published for mautic/core (Composer) Jul 2, 2026
Senku01 Credited to Senku01, Harish4948, patrykgruszka, and LeuchtfeuerDigitalMarketing Harish4948 Harish4948
patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API Moderate
GHSA-q4rm-m6xh-5pv7 was published for froxlor/froxlor (Composer) Jul 2, 2026
offset Credited to offset
Froxlor: Authenticated customers can read other customers' allowed sender aliases Moderate
GHSA-mr9h-45p9-fg8h was published for froxlor/froxlor (Composer) Jul 2, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
ProTip! Advisories are also available from the GraphQL API