GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,119 advisories
Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments
Low
CVE-2026-32270
was published
for
craftcms/commerce
(Composer)
Apr 14, 2026
Wasmtime has host data leakage with 64-bit tables and Winch
Low
CVE-2026-34945
was published
for
wasmtime
(Rust)
Apr 9, 2026
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low
CVE-2026-35038
was published
for
signalk-server
(npm)
Apr 3, 2026
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
Low
CVE-2026-34969
was published
for
github.com/nhost/nhost
(Go)
Apr 1, 2026
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Low
CVE-2026-34518
was published
for
aiohttp
(pip)
Apr 1, 2026
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Low
GHSA-44px-qjjc-xrhq
was published
for
craftcms/cms
(Composer)
Mar 26, 2026
Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users
Low
CVE-2026-33161
was published
for
craftcms/cms
(Composer)
Mar 24, 2026
ProTip!
Advisories are also available from the
GraphQL API