GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
5 advisories
SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
High
CVE-2026-46491
was published
for
simplesamlphp/simplesamlphp-module-casserver
(Composer)
May 15, 2026
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
High
CVE-2026-48491
was published
for
Traefik
(Go)
Jun 16, 2026
Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
High
CVE-2026-53622
was published
for
Traefik
(Go)
Jun 16, 2026
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Critical
CVE-2026-49980
was published
for
github.com/rclone/rclone
(Go)
Jun 16, 2026
Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes
High
CVE-2026-24791
was published
for
code.gitea.io/gitea
(Go)
Jun 17, 2026
ProTip!
Advisories are also available from the
GraphQL API