GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,161 advisories
Parse Server's LiveQuery bypasses CLP pointer permission enforcement
High
CVE-2026-33421
was published
for
parse-server
(npm)
Mar 20, 2026
etcd: Nested etcd transactions bypass RBAC authorization checks
Low
CVE-2026-33343
was published
for
go.etcd.io/etcd
(Go)
Mar 20, 2026
Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement
High
CVE-2026-33316
was published
for
code.vikunja.io/api
(Go)
Mar 20, 2026
@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)
Moderate
CVE-2026-33326
was published
for
@keystone-6/core
(npm)
Mar 19, 2026
Zitadel is missing enforcement of organization scopes
Moderate
CVE-2026-33132
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2026
Heimdall: Path received via Envoy gRPC corrupted when containing query string
High
CVE-2026-32811
was published
for
github.com/dadrus/heimdall
(Go)
Mar 18, 2026
File Browser has an Authorization Policy Bypass in Public Share Download Flow
Moderate
CVE-2026-32761
was published
for
https://github.com/filebrowser/filebrowser
(Go)
Mar 18, 2026
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Moderate
CVE-2026-32947
was published
for
step-security/harden-runner
(GitHub Actions)
Mar 17, 2026
Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Moderate
CVE-2026-32946
was published
for
step-security/harden-runner
(GitHub Actions)
Mar 17, 2026
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
Moderate
CVE-2026-32758
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 16, 2026
SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Critical
CVE-2026-32767
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API