Advisories
Found by Cipher, fixed upstream.
Original vulnerabilities Cipher reported in widely deployed open-source and embedded software: identity infrastructure, a 5G core, data platforms, building automation, and the tools developers live in. Each row links to its upstream advisory. New entries publish as embargoes lift.
← Field reports & writeups Advisory ledger Ordered by severity, then date · Latest entry Jul 14, 2026
- StackGresCVSS 9.4 CWE-426 affected ≤ 1.18.8 fixed 1.19.0-rc1 Jun 26, 2026
- Hasura GraphQL
- GraphicsMagick
- ZITADELHigh Privilege escalation in OAuth2 token exchange
- CVE-2026-55672 CVSS 7.4 CWE-287 affected 4.0.0-4.15.1, 3.0.0-3.4.11 fixed 4.15.2, 3.4.12 Jun 17, 2026
- Open5GS
- YamcsModerate Missing privilege checks in WebSocket subscription topics
- BACnet StackModerate Pre-auth out-of-bounds read in the BACnetXYColor decoderCVSS 5.3 CWE-125 affected ≤ 1.5.0 fixed 1.4.5, 1.5.1, 1.6.0 Jul 5, 2026
- Vim
- 7-ZipCVSS 6.5 CWE-125 affected ≤ 26.01 fixed 26.02 Jun 25, 2026
- Supabase Realtime
- Vim
- Vim
- Vim
- Vim
- Vim
- Vim