GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
High
CVE-2026-45713
was published
for
github.com/axllent/mailpit
(Go)
May 19, 2026
Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)
Moderate
CVE-2026-45712
was published
for
github.com/axllent/mailpit
(Go)
May 19, 2026
Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs
Moderate
CVE-2026-45711
was published
for
github.com/axllent/mailpit
(Go)
May 19, 2026
Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
High
CVE-2026-45395
was published
for
open-webui
(npm)
May 14, 2026
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
High
CVE-2026-43978
was published
for
wger
(pip)
May 14, 2026
wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
High
CVE-2026-43977
was published
for
wger
(pip)
May 14, 2026
wger has an Uncontrolled Resource Consumption issue
Moderate
GHSA-v25j-wqcw-fvhj
was published
for
wger
(pip)
May 13, 2026
ProTip!
Advisories are also available from the
GraphQL API