GitHub Security Advisories (GHSA) are authoritative notices for vulnerable open-source packages and ecosystems (for example npm, PyPI, or Maven), usually with a linked CVE. Use the search box to find a GHSA or CVE, narrow by ecosystem or severity, or match phrases in the summary.
| GHSA | CVE | Severity | Type | Summary | Published |
|---|---|---|---|---|---|
| GHSA-v4h4-747p-qjgx | CVE-2026-13483 | low | unreviewed | A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function... | 2026-06-28 09:31:48 UTC |
| GHSA-mh3f-459p-p84f | CVE-2026-13482 | low | unreviewed | A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function... | 2026-06-28 06:30:35 UTC |
| GHSA-wxvj-hc4r-fq45 | CVE-2026-58058 | medium | unreviewed | Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in... | 2026-06-28 03:33:41 UTC |
| GHSA-xrr7-82jr-v58x | CVE-2026-58055 | medium | unreviewed | nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a... | 2026-06-28 03:33:40 UTC |
| GHSA-vp3r-hwqm-x826 | CVE-2026-58056 | high | unreviewed | RustDesk gates incoming control messages on per-capability flags rather than on the session's... | 2026-06-28 03:33:40 UTC |
| GHSA-rqqr-m697-6jq3 | CVE-2026-58057 | low | unreviewed | Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a... | 2026-06-28 03:33:40 UTC |
| GHSA-mjxr-6gqf-w78h | CVE-2026-58049 | high | unreviewed | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes... | 2026-06-28 03:33:40 UTC |
| GHSA-mf77-5hj2-98w9 | CVE-2026-58050 | high | unreviewed | libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey... | 2026-06-28 03:33:40 UTC |
| GHSA-fx33-p83c-vpr5 | CVE-2026-58052 | medium | unreviewed | 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted... | 2026-06-28 03:33:40 UTC |
| GHSA-cvxv-xfvj-jmc4 | CVE-2026-58054 | high | unreviewed | MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when... | 2026-06-28 03:33:40 UTC |
| GHSA-c5f3-hwj2-xp5p | CVE-2026-58051 | high | unreviewed | libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize... | 2026-06-28 03:33:40 UTC |
| GHSA-8qf9-pc52-j7cm | CVE-2026-58053 | critical | unreviewed | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container... | 2026-06-28 03:33:40 UTC |
| GHSA-hhrc-vf2p-x5h3 | CVE-2026-8095 | high | unreviewed | The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary... | 2026-06-28 00:30:56 UTC |
| GHSA-f3p8-j3ww-gvq7 | CVE-2026-49416 | unknown | unreviewed | The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large... | 2026-06-27 12:30:51 UTC |
| GHSA-wv47-9f7r-v6pj | CVE-2026-11783 | medium | unreviewed | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay,... | 2026-06-27 09:30:37 UTC |
| GHSA-qq5h-jpgc-p42f | CVE-2026-13295 | medium | unreviewed | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting... | 2026-06-27 09:30:37 UTC |
| GHSA-q2p3-v4q2-729h | CVE-2026-12471 | medium | unreviewed | The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability... | 2026-06-27 09:30:37 UTC |
| GHSA-pgr2-vvf9-xmqw | CVE-2026-12399 | medium | unreviewed | The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable... | 2026-06-27 09:30:37 UTC |
| GHSA-mxv8-m55g-xf4p | CVE-2026-3462 | medium | unreviewed | The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to... | 2026-06-27 09:30:37 UTC |
| GHSA-jxxc-m933-38gm | CVE-2026-9242 | medium | unreviewed | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... | 2026-06-27 09:30:37 UTC |