GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Flowise: Sensitive Data Leak in public-chatbotConfig
High
GHSA-4jpm-cgx2-8h37
was published
for
flowise
(npm)
Apr 16, 2026
Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Moderate
CVE-2026-26185
was published
for
@directus/api
(npm)
Feb 12, 2026
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Low
CVE-2026-23522
was published
for
@lobehub/chat
(npm)
Jan 20, 2026
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
Critical
CVE-2026-23520
was published
for
github.com/getarcaneapp/arcane/backend
(Go)
Jan 15, 2026
Bagisto has IDOR in Customer Order Reorder Functionality
High
CVE-2026-21447
was published
for
bagisto/bagisto
(Composer)
Jan 2, 2026
YOURLS is vulnerable to XSS through JSONP and Callback request parameters
High
GHSA-6mp4-q625-mxjp
was published
for
yourls/yourls
(Composer)
Dec 30, 2025
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
High
GHSA-xphh-5v4r-r3rx
was published
for
psitransfer
(npm)
Dec 30, 2025
ProTip!
Advisories are also available from the
GraphQL API