GitHub Security Advisories (GHSA) are authoritative notices for vulnerable open-source packages and ecosystems (for example npm, PyPI, or Maven), usually with a linked CVE.

| GHSA | CVE | Severity | Type | Summary | Published |
|---|---|---|---|---|---|
| GHSA-wvrh-2f4m-924v | — | medium | reviewed | ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer | 2026-06-19 22:08:08 UTC |
| GHSA-h3m5-97jq-qjrf | — | critical | reviewed | OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete) | 2026-06-19 21:43:17 UTC |
| GHSA-x975-rgx4-5fh4 | — | high | reviewed | appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI) | 2026-06-19 21:43:14 UTC |
| GHSA-c795-2g9c-j48m | — | high | reviewed | EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id | 2026-06-19 21:43:12 UTC |
| GHSA-v3f4-w7r7-v3hm | — | high | reviewed | Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests | 2026-06-19 21:43:09 UTC |
| GHSA-6gqw-jqv7-v88m | — | high | reviewed | stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA) | 2026-06-19 21:43:02 UTC |
| GHSA-xhv3-q4xx-349r | — | high | reviewed | stigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA) | 2026-06-19 21:43:00 UTC |
| GHSA-x26h-xmv8-gxf7 | — | high | reviewed | stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA) | 2026-06-19 21:42:57 UTC |
| GHSA-6v7p-g79w-8964 | — | high | reviewed | MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error | 2026-06-19 21:42:55 UTC |
| GHSA-6vxv-wg6j-5qwp | — | high | reviewed | Gogs: XSS in .ipynb files renderer due to outdated notebookjs | 2026-06-19 21:42:52 UTC |
| GHSA-97pr-9hgg-3p8r | — | low | reviewed | parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change | 2026-06-19 21:42:48 UTC |
| GHSA-mrvx-jmjw-vggc | — | high | reviewed | SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read` | 2026-06-19 21:42:46 UTC |
| GHSA-xcqx-9jf5-w339 | — | high | reviewed | SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read` | 2026-06-19 21:42:43 UTC |
| GHSA-48x2-6pr9-2jjf | — | medium | reviewed | Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data | 2026-06-19 21:42:38 UTC |
| GHSA-6x2m-p4xp-wg22 | — | medium | reviewed | Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups | 2026-06-19 21:42:36 UTC |
| GHSA-mxjx-28vx-xjjj | — | medium | reviewed | Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions | 2026-06-19 21:42:32 UTC |
| GHSA-jvcm-f35g-w78p | — | medium | reviewed | Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory | 2026-06-19 21:42:29 UTC |
| GHSA-2fmp-9rvw-hc96 | — | high | reviewed | Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning | 2026-06-19 21:42:26 UTC |
| GHSA-9c83-rr99-vfwj | — | medium | reviewed | MCPVault: PathFilter restricted directories (.git/.obsidian/node_modules) only denied at vault root, not nested | 2026-06-19 21:42:24 UTC |
| GHSA-h5jc-78hr-3pc9 | — | low | reviewed | Sveltia CMS: Stored XSS in Markdown/RichText preview via unsandboxed same-origin iframe | 2026-06-19 21:42:20 UTC |