Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,022
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,403
Swift
61
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Langflow: Unauthenticated RCE in Shareable Playgrounds Critical
CVE-2026-48519 was published for langflow (pip) Jun 16, 2026
vbCrLf Credited to vbCrLf, Jkavia, andifilhohub, and AntonioABLima Jkavia Jkavia
andifilhohub andifilhohub AntonioABLima AntonioABLima
Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint Moderate
CVE-2026-42867 was published for langflow (pip) Jun 16, 2026
nekros1xx Credited to nekros1xx, Cristhianzl, andifilhohub, and AntonioABLima Cristhianzl Cristhianzl
andifilhohub andifilhohub AntonioABLima AntonioABLima
Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints High
CVE-2026-33760 was published for langflow (pip) Jun 16, 2026
akshatgit Credited to akshatgit, AntonioABLima, andifilhohub, ethansilvas, and Jkavia AntonioABLima AntonioABLima
andifilhohub andifilhohub ethansilvas ethansilvas Jkavia Jkavia
Langflow Knowledge Bases API is Vulnerable to Path Traversal Critical
CVE-2026-42048 was published for langflow (pip) May 5, 2026
ddlxstudio Credited to ddlxstudio, nekros1xx, AntonioABLima, Cristhianzl, and andifilhohub nekros1xx nekros1xx
AntonioABLima AntonioABLima Cristhianzl Cristhianzl andifilhohub andifilhohub
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check High
CVE-2026-34046 was published for langflow (pip) Mar 27, 2026
chximn-dt Credited to chximn-dt and AntonioABLima AntonioABLima AntonioABLima
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading High
CVE-2026-33497 was published for langflow (pip) Mar 20, 2026
r00tuser111 Credited to r00tuser111, erichare, and AntonioABLima erichare erichare
AntonioABLima AntonioABLima
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database