GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs
Moderate
GHSA-cp79-9mwr-wr49
was published
for
github.com/lin-snow/ech0
(Go)
Apr 10, 2026
Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export
High
GHSA-4h9q-p5j4-xvvh
was published
for
github.com/lin-snow/ech0
(Go)
Apr 10, 2026
OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration
Moderate
GHSA-qqq7-4hxc-x63c
was published
for
openclaw
(npm)
Apr 9, 2026
WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
High
CVE-2026-39370
was published
for
WWBN/AVideo
(Composer)
Apr 8, 2026
WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs
High
CVE-2026-39369
was published
for
WWBN/AVideo
(Composer)
Apr 8, 2026
WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services
Moderate
CVE-2026-39368
was published
for
WWBN/AVideo
(Composer)
Apr 8, 2026
lodash vulnerable to Code Injection via `_.template` imports key names
High
CVE-2026-4800
was published
for
lodash
(npm)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API