GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

440 advisories

auto-favicon has a Server-Side Request Forgery issue Low
CVE-2026-7150 was published for auto-favicon (pip) Apr 27, 2026
vLLM makes Use of Uninitialized Resource Low
CVE-2026-7141 was published for vllm (pip) Apr 27, 2026
Wooey has an Incorrect Privilege Assignment issue Low
CVE-2026-7142 was published for wooey (pip) Apr 27, 2026
AstrBot has Incomplete Filtering of Special Elements Low
CVE-2026-6984 was published for AstrBot (pip) Apr 25, 2026
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval() Low
CVE-2026-6878 was published for verl (pip) Apr 23, 2026
Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 Low
CVE-2026-41140 was published for poetry (pip) Apr 22, 2026
Credited to kodareef5 and radoering
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint Low
CVE-2026-6598 was published for langflow (pip) Apr 20, 2026
Langflow vulnerable to injection Low
CVE-2026-6599 was published for langflow (pip) Apr 20, 2026
Langflow has an Information Leak through Incomplete API Key Redaction Low
CVE-2026-6597 was published for langflow (pip) Apr 20, 2026
RAGAS has SSRF via Multi-Modal Faithfulness Collections Module Low
CVE-2026-6587 was published for ragas (pip) Apr 20, 2026
Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries Low
CVE-2026-32690 was published for apache-airflow-core (pip) Apr 18, 2026
Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures Low
CVE-2026-35402 was published for mcp-neo4j-cypher (pip) Apr 17, 2026
Credited to yotampe-pluto
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding Low
CVE-2026-41488 was published for langchain-openai (pip) Apr 16, 2026
Credited to deprrous
Weblate: Improper access control for pending tasks in API Low
CVE-2026-33212 was published for weblate (pip) Apr 16, 2026
Credited to nijel
pyLoad's Session Not Invalidated After Permission Changes Low
GHSA-fj52-5g4h-gmq8 was published for pyload-ng (pip) Apr 14, 2026
Credited to PinkDraconian
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check Low
CVE-2026-40319 was published for giskard-checks (pip) Apr 14, 2026
Credited to dhabaleshwar
Multiple security fixes in justhtml Low
GHSA-4p64-v8f5-r2gx was published for justhtml (pip) Apr 14, 2026
Credited to EmilStenstrom
MetaGPT affected by server-side request forgery in metagpt/utils/common.py Low
CVE-2026-6111 was published for metagpt (pip) Apr 12, 2026
MetaGPT has an eval injection via a cross-site request forgery attack Low
CVE-2026-6109 was published for metagpt (pip) Apr 12, 2026
uv vulnerable to arbitrary file deletion through RECORD entries Low
GHSA-pjjw-68hj-v9mw was published for uv (pip) Apr 10, 2026
Credited to konstin, zanieb, woodruffw, EliteTK, and CodeByMoriarty
OpenStack Keystone: Restricted application credentials can create EC2 credentials Low
CVE-2026-33551 was published for keystone (pip) Apr 10, 2026
justhtml: Mutation XSS with custom foreign-namespace sanitization policies Low
GHSA-r758-8hxw-4845 was published for justhtml (pip) Apr 8, 2026
Credited to EmilStenstrom
Django vulnerable to privilege abuse in GenericInlineModelAdmin Low
CVE-2026-4277 was published for Django (pip) Apr 7, 2026
Django vulnerable to privilege abuse in ModelAdmin.list_editable Low
CVE-2026-4292 was published for Django (pip) Apr 7, 2026
OpenEXR Makes Use of Uninitialized Memory Low
CVE-2025-64181 was published for OpenEXR (pip) Apr 6, 2026
Credited to Kaldreic