GitHub Security Advisories (GHSA) are authoritative notices for vulnerable open-source packages and ecosystems (for example npm, PyPI, or Maven), usually with a linked CVE.

| GHSA | CVE | Severity | Type | Summary | Published |
|---|---|---|---|---|---|
| GHSA-p2wm-69qx-x25w | CVE-2026-13757 | medium | unreviewed | A flaw was found in p11-kit. The RPC message attribute parsing functions... | 2026-06-29 21:32:10 UTC |
| GHSA-xx75-4fhf-jf2w | CVE-2026-57947 | medium | unreviewed | Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook... | 2026-06-29 18:31:56 UTC |
| GHSA-x4g3-x4c9-rjf8 | CVE-2026-57958 | medium | unreviewed | Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows... | 2026-06-29 18:31:56 UTC |
| GHSA-vq63-9qrm-qv35 | CVE-2026-57952 | medium | unreviewed | Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints ... | 2026-06-29 18:31:56 UTC |
| GHSA-vppr-73v3-3pc6 | CVE-2026-57946 | medium | unreviewed | Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows... | 2026-06-29 18:31:56 UTC |
| GHSA-r39c-vf2w-53j7 | CVE-2026-57950 | high | unreviewed | ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70, contains a broken access control... | 2026-06-29 18:31:56 UTC |
| GHSA-pv3j-frmx-3v9q | CVE-2026-57949 | high | unreviewed | ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization... | 2026-06-29 18:31:56 UTC |
| GHSA-m75j-c5ff-9wh8 | CVE-2026-57959 | high | unreviewed | Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation... | 2026-06-29 18:31:56 UTC |
| GHSA-h37r-3qfp-73w6 | CVE-2026-57955 | high | unreviewed | SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers... | 2026-06-29 18:31:56 UTC |
| GHSA-f4g5-7fg3-8rw6 | CVE-2026-57948 | high | unreviewed | Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows... | 2026-06-29 18:31:56 UTC |
| GHSA-c4g4-fg7q-8p3c | CVE-2026-57954 | medium | unreviewed | Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in... | 2026-06-29 18:31:56 UTC |
| GHSA-9f32-pf5h-p947 | CVE-2026-57951 | high | unreviewed | Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table... | 2026-06-29 18:31:56 UTC |
| GHSA-5v9v-qj76-f3m4 | CVE-2026-57960 | high | unreviewed | Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control,... | 2026-06-29 18:31:56 UTC |
| GHSA-4cq7-5c7c-cc5r | CVE-2026-57957 | low | unreviewed | Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration... | 2026-06-29 18:31:56 UTC |
| GHSA-3vgg-7h5g-62mm | CVE-2026-57956 | medium | unreviewed | SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated... | 2026-06-29 18:31:56 UTC |
| GHSA-2mvr-4jqv-324m | CVE-2026-57953 | medium | unreviewed | Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated... | 2026-06-29 18:31:56 UTC |
| GHSA-xxw5-vgjv-jc6g | CVE-2026-13592 | medium | unreviewed | A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4... | 2026-06-29 18:31:55 UTC |
| GHSA-vwxw-jrg6-9jxv | CVE-2026-11720 | critical | unreviewed | A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. ... | 2026-06-29 18:31:55 UTC |
| GHSA-r3g9-96ff-r4rp | CVE-2026-13590 | low | unreviewed | A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp:... | 2026-06-29 18:31:55 UTC |
| GHSA-c3qp-4qxm-fwhr | CVE-2026-56780 | high | unreviewed | Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api... | 2026-06-29 18:31:55 UTC |