
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,083 advisories

Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action
Severity: Moderate
GHSA-jq2f-59pj-p3m3 was published for craftcms/cms (Composer) Apr 14, 2026
Credited to kaminuma
Decidim's comments API allows access to all commentable resources
Severity: High
CVE-2026-40870 was published for decidim-api (RubyGems) Apr 14, 2026
Credited to ahukkanen
Credited to tianluov
Note Mark has Broken Access Control on Asset Download
Severity: Moderate
CVE-2026-40265 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026
Credited to QiaoNPC, Across-Verticals-Malaysia, and enchant97
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Severity: Critical
GHSA-68qg-g8mg-6pr7 was published for @paperclipai/server (npm) Apr 10, 2026
Credited to sagilayani
goshs has a file-based ACL authorization bypass in goshs state-changing routes
Severity: Critical
CVE-2026-40189 was published for github.com/patrickhener/goshs (Go) Apr 10, 2026
Credited to R1ZZG0D
Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure
Severity: Moderate
GHSA-w8jj-cwmc-wgq2 was published for github.com/lin-snow/ech0 (Go) Apr 10, 2026
Credited to offset
Ech0 Comment Panel Endpoints Missing RequireScopes Middleware — Scoped Access Token Bypass
Severity: Moderate
GHSA-fwg7-53p4-g33c was published for github.com/lin-snow/ech0 (Go) Apr 10, 2026
Credited to offset
Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs
Severity: Moderate
GHSA-cp79-9mwr-wr49 was published for github.com/lin-snow/ech0 (Go) Apr 10, 2026
Credited to threalwinky
ProTip! Advisories are also available from the GraphQL API