GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources (Severity: Moderate)
CVE-2026-49288 was published for statamic/cms (Composer) Jun 26, 2026
Credited to offset, Eszh, and geo-chen
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field (Severity: Moderate)
GHSA-h4h3-3rfj-x6fq was published for surrealdb (Rust) Jun 19, 2026
Credited to geo-chen
EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id (Severity: High)
GHSA-c795-2g9c-j48m was published for everos (pip) Jun 19, 2026
Credited to geo-chen
Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check (Severity: High)
CVE-2026-53755 was published for crawl4ai (pip) Jun 16, 2026
Credited to geo-chen
Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution (Severity: High)
GHSA-f989-c77f-r2cq was published for crawl4ai (pip) Jun 16, 2026
Credited to geo-chen
NocoDB: SQL Injection via Column Title in Bulk GroupBy (Severity: Moderate)
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
Credited to geo-chen
Stored XSS in REDAXO (Severity: Moderate)
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
Credited to geo-chen
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ (Severity: Moderate)
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
Credited to geo-chen
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames (Severity: Moderate)
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
Credited to geo-chen
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available (Severity: High)
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
Credited to geo-chen