Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

162,296 advisories

Loading
Paymenter has race condition in payWithCredit() that enables credit double-spend Moderate
CVE-2026-55219 was published for paymenter/paymenter (Composer) Jun 30, 2026
debibobo Credited to debibobo and CorwinDev CorwinDev CorwinDev
Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface` Moderate
CVE-2026-48808 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters Moderate
CVE-2026-48807 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys Moderate
CVE-2026-48806 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality Moderate
CVE-2026-49835 was published for github.com/sigstore/timestamp-authority (Go) Jun 30, 2026
sondt99 Credited to sondt99
oban_web missing authorization check on `save-job` event handler Moderate
CVE-2026-48592 was published for oban_web (Erlang) Jun 30, 2026
PJUllrich Credited to PJUllrich, sorentwo, and maennchen sorentwo sorentwo
maennchen maennchen
oban_web: Unbounded range expansion in cron describe causes memory exhaustion Moderate
CVE-2026-48593 was published for oban_web (Erlang) Jun 30, 2026
PJUllrich Credited to PJUllrich, sorenone, and maennchen sorenone sorenone
maennchen maennchen
Probo has an open redirect bypass via path normalization Moderate
CVE-2026-49820 was published for go.probo.inc/probo (Go) Jun 30, 2026
Fushuling Credited to Fushuling
ProTip! Advisories are also available from the GraphQL API