GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 2,989
Maven: 5,000+
npm: 4,699
NuGet: 788
pip: 4,328
Pub: 12
RubyGems: 987
Rust: 1,133
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
5,229 advisories
LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
Severity: High. CVE-2026-26990 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS has a Stored XSS in Alert Rule
Severity: Moderate. CVE-2026-26989 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
Severity: High. CVE-2026-26988 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Severity: Moderate. CVE-2026-27016 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS /port-groups name Stored Cross-Site Scripting
Severity: Moderate. CVE-2026-26992 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS /device-groups name Stored Cross-Site Scripting
Severity: Moderate. CVE-2026-26991 was published for librenms/librenms (Composer) on Feb 18, 2026
LibreNMS affected by reflected xss via email field
Severity: Moderate. CVE-2026-26987 was published for librenms/librenms (Composer) on Feb 18, 2026
Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Severity: Critical. CVE-2026-26016 was published for pterodactyl/panel (Composer) on Feb 17, 2026
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
Severity: High. GHSA-hr7j-63v7-vj7g was published for github.com/pterodactyl/wings (Composer) on Feb 17, 2026
ImapEngine affected by command injection via the ID command parameters
Severity: Moderate. CVE-2026-2469 was published for directorytree/imapengine (Composer) on Feb 14, 2026
Known affected by Account Takeover via Password Reset Token Leakage
Severity: Critical. CVE-2026-26273 was published for idno/known (Composer) on Feb 13, 2026
MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
Severity: High. GHSA-r33w-fg8j-9c94 was published for cesargb/laravel-magiclink (Composer) on Feb 12, 2026
Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
Severity: High. CVE-2026-25759 was published for statamic/cms (Composer) on Feb 11, 2026
Statamic CMS's missing authorization allows access to assets
Severity: Moderate. CVE-2026-25633 was published for statamic/cms (Composer) on Feb 11, 2026
Phraseanet vulnerable to stored cross-site scripting through crafted file names
Severity: Moderate. CVE-2018-25157 was published for phraseanet/phraseanet (Composer) on Feb 11, 2026
Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions
Severity: Moderate. CVE-2019-25317 was published for kimai/kimai (Composer) on Feb 11, 2026
amphp/http-server affected by HTTP/2 DDoS vulnerability
Severity: Moderate. GHSA-8grv-jq2g-cfhw was published for amphp/http-server (Composer) on Feb 10, 2026
Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Severity: High. CVE-2026-25892 was published for vrana/adminer (Composer) on Feb 10, 2026
FroshAdminer Adminer UI is accessible without admin session
Severity: Moderate. CVE-2026-25878 was published for frosh/adminer-platform (Composer) on Feb 10, 2026
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
Severity: High. CVE-2026-25498 was published for craftcms/cms (Composer) on Feb 9, 2026
Craft CMS: GraphQL Asset Mutation Privilege Escalation
Severity: High. CVE-2026-25497 was published for craftcms/cms (Composer) on Feb 9, 2026
Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields
Severity: Moderate. CVE-2026-25496 was published for craftcms/cms (Composer) on Feb 9, 2026
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
Severity: High. CVE-2026-25495 was published for craftcms/cms (Composer) on Feb 9, 2026
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
Severity: Moderate. CVE-2026-25494 was published for craftcms/cms (Composer) on Feb 9, 2026
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect
Severity: Moderate. CVE-2026-25493 was published for craftcms/cms (Composer) on Feb 9, 2026
ProTip! Advisories are also available from the GraphQL API.