Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,088 advisories

Loading
Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes Moderate
CVE-2026-52823 was published for kimai/kimai (Composer) Jul 14, 2026
Mitchell45 Credited to Mitchell45
Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes Moderate
CVE-2026-49992 was published for kimai/kimai (Composer) Jul 13, 2026
Mitchell45 Credited to Mitchell45
YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize Critical
CVE-2026-52777 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
fg0x0 Credited to fg0x0
Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests Moderate
CVE-2026-53760 was published for admidio/admidio (Composer) Jul 9, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Goh3st Credited to Goh3st
Waku: Cross-Origin CSRF on RSC Server Action Dispatch Moderate
CVE-2026-49455 was published for waku (npm) Jul 8, 2026
j0hndo Credited to j0hndo
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE Critical
CVE-2026-53649 was published for github.com/BishopFox/joro (Go) Jul 8, 2026
stover-BF Credited to stover-BF
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path Moderate
GHSA-q855-8rh5-jfgq was published for ha-mcp (pip) Jul 7, 2026
bharat Credited to bharat
New API is vulnerable to CSRF through user email binding Moderate
CVE-2026-44342 was published for github.com/QuantumNous/new-api (Go) Jul 7, 2026
kyo-w Credited to kyo-w
ProTip! Advisories are also available from the GraphQL API