GitHub Security Advisories

GitHub Security Advisories (GHSA) are authoritative notices for vulnerable open-source packages and ecosystems (for example npm, PyPI, or Maven), usually with a linked CVE. Use the search box to find a GHSA or CVE, narrow by ecosystem or severity, or match phrases in the summary.

Showing 2140 of 6172 advisories
«« First « Prev Page 2 / 309 Next »
GHSA CVE Severity Type Summary Published
GHSA-pj8j-p4g4-4vw8 CVE-2026-49865 medium reviewed Kimai has Server-Side Request Forgery in Invoice PDF Rendering via Markdown Image URLs 2026-07-10 16:04:40 UTC
GHSA-pjhx-3c3w-9v23 CVE-2026-49858 medium reviewed API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate 2026-07-10 14:32:01 UTC
GHSA-mr9r-h354-966r CVE-2026-53639 medium reviewed Sylius: IDOR on Shop Payment Request API endpoints 2026-07-09 21:03:51 UTC
GHSA-6955-hrm5-c4qp CVE-2026-53638 medium reviewed Sylius: Channel-based payment method restriction bypass on shop account orders API endpoint 2026-07-09 21:03:46 UTC
GHSA-5597-7rmh-97q5 CVE-2026-53637 medium reviewed Sylius: Cart FormComponent allows modification or deletion of an already-completed order 2026-07-09 21:03:41 UTC
GHSA-px5m-h76g-p7p8 CVE-2026-52778 critical reviewed YesWiki has Unsafe eval() in its Formula Calculato, Leading to Remote Code Execution & Denial of Service 2026-07-09 21:03:04 UTC
GHSA-9369-69wj-7m2f CVE-2026-52777 critical reviewed YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize 2026-07-09 21:02:58 UTC
GHSA-4pf7-cc4r-g63h CVE-2026-52775 high reviewed YesWiki has Authenticated SQL Injection via ReactionManager 2026-07-09 21:02:40 UTC
GHSA-r5xw-gcgw-hwp5 CVE-2026-52774 medium reviewed YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes 2026-07-09 21:01:10 UTC
GHSA-35f3-pg38-486f CVE-2026-52773 medium reviewed YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php` 2026-07-09 21:00:55 UTC
GHSA-xc7j-3g8q-9vh4 CVE-2026-52772 medium reviewed YesWiki has stored XSS in Bazar form-field templates via unescaped field.label / field.hint (|raw('html')) 2026-07-09 21:00:33 UTC
GHSA-8f2v-2qhj-gfwg CVE-2026-52771 high reviewed YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`) 2026-07-09 21:00:14 UTC
GHSA-qg78-vmvc-fhjw CVE-2026-52770 high reviewed YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters 2026-07-09 21:00:05 UTC
GHSA-vw42-752g-5mrp CVE-2026-52769 high reviewed YesWiki has Unauthenticated Server-Side Request Forgery via ActivityPub `Signature.keyId` 2026-07-09 20:58:33 UTC
GHSA-mv28-wj57-f57g CVE-2026-52767 high reviewed YesWiki Vulnerable to Unauthenticated ActivityPub Signature-Verification Bypass via `!openssl_verify(...)` accepting `int(-1)` 2026-07-09 20:58:12 UTC
GHSA-6x7x-gcmf-7r8x CVE-2026-52766 critical reviewed YesWiki vulnerable to unauthenticated arbitrary page deletion via `{{erasespamedcomments}}` action 2026-07-09 20:57:25 UTC
GHSA-89v6-j5x6-cmj3 CVE-2026-52763 medium reviewed YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read 2026-07-09 20:54:46 UTC
GHSA-65p8-9433-jpcp CVE-2026-52762 high reviewed YesWiki: Authenticated (Admin) Server-Side Template Injection to Remote Code Execution via Bazar Semantic Templates 2026-07-09 20:54:23 UTC
GHSA-w9mx-xmg4-gc4r CVE-2026-53932 high reviewed laravel-backup-restore has an OS Command Injection during database restore 2026-07-09 20:52:57 UTC
GHSA-hm42-q32m-vj4f CVE-2026-53760 medium reviewed Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests 2026-07-09 13:44:40 UTC
«« First « Prev Page 2 / 309 Next »
cvelogic Threat Intelligence