GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
159,143 advisories
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
Moderate
CVE-2026-45703
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
Moderate
CVE-2026-45309
was published
for
asyncssh
(pip)
May 27, 2026
Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Moderate
CVE-2026-45075
was published
for
symfony/http-kernel
(Composer)
May 27, 2026
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate
CVE-2026-45074
was published
for
symfony/security-http
(Composer)
May 27, 2026
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073
was published
for
symfony/cache
(Composer)
May 27, 2026
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Moderate
CVE-2026-45070
was published
for
symfony/mime
(Composer)
May 27, 2026
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
Moderate
CVE-2026-45064
was published
for
symfony/html-sanitizer
(Composer)
May 27, 2026
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
Moderate
CVE-2026-44981
was published
for
github.com/crowdsecurity/crowdsec
(Go)
May 27, 2026
ProTip!
Advisories are also available from the
GraphQL API