Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,387 advisories

Loading
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion Moderate
GHSA-f66q-9rf6-8795 was published for Flask-Security-Too (pip) Jul 7, 2026
tonghuaroot Credited to tonghuaroot
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email High
CVE-2026-53516 was published for better-auth (npm) Jul 7, 2026
avrmeduard Credited to avrmeduard
widavies Credited to widavies
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins Critical
CVE-2026-53512 was published for better-auth (npm) Jul 7, 2026
subhanUmer Credited to subhanUmer
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass High
CVE-2026-55075 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking High
CVE-2026-55076 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to... Moderate Unreviewed
CVE-2026-14622 was published Jul 4, 2026
fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection Critical
CVE-2026-52830 was published for fast-mcp-telegram (pip) Jul 2, 2026
DavidCarliez Credited to DavidCarliez
tonghuaroot Credited to tonghuaroot
OpenClaw: Control UI locality spoofing could mint a durable admin device token High
CVE-2026-53817 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers High
GHSA-rggc-m335-3wvj was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public... High Unreviewed
CVE-2026-56219 was published Jul 1, 2026
ProTip! Advisories are also available from the GraphQL API