GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API
High
CVE-2026-41422
was published
for
github.com/daptin/daptin
(Go)
Apr 22, 2026
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
High
CVE-2026-39320
was published
for
signalk-server
(npm)
Apr 21, 2026
wger has Broken Access Control in Global Gym Configuration Update Endpoint
High
CVE-2026-40474
was published
for
wger
(pip)
Apr 16, 2026
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Moderate
CVE-2026-34083
was published
for
signalk-server
(npm)
Apr 3, 2026
Signal K Server: Unauthenticated Source Priorities Manipulation
Moderate
CVE-2026-33951
was published
for
signalk-server
(npm)
Apr 3, 2026
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical
CVE-2026-33950
was published
for
signalk-server
(npm)
Apr 3, 2026
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low
CVE-2026-35038
was published
for
signalk-server
(npm)
Apr 3, 2026
Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature
High
CVE-2026-35036
was published
for
github.com/lin-snow/ech0
(Go)
Apr 3, 2026
Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement
High
CVE-2026-33316
was published
for
code.vikunja.io/api
(Go)
Mar 20, 2026
Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Critical
CVE-2026-28268
was published
for
code.vikunja.io/api
(Go)
Feb 28, 2026
ProTip!
Advisories are also available from the
GraphQL API