GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
High
CVE-2026-44882
was published
for
github.com/portainer/portainer
(Go)
May 14, 2026
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Moderate
CVE-2026-44885
was published
for
github.com/portainer/portainer
(Go)
May 14, 2026
FlowiseAI Exposes Basic Auth Credentials via API
High
CVE-2026-46440
was published
for
flowise
(npm)
May 14, 2026
Flowise: Weak Default Token Hash Secret
Moderate
GHSA-m7mq-85xj-9x33
was published
for
flowise
(npm)
Apr 16, 2026
Flowise: Weak Default Express Session Secret
Moderate
GHSA-2qqc-p94c-hxwh
was published
for
flowise
(npm)
Apr 16, 2026
Flowise: Weak Default JWT Secrets
Moderate
GHSA-cc4f-hjpj-g9p8
was published
for
flowise
(npm)
Apr 16, 2026
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Moderate
CVE-2026-33724
was published
for
n8n
(npm)
Mar 25, 2026
Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
High
CVE-2026-33053
was published
for
langflow
(pip)
Mar 18, 2026
Flowise has Insufficient Password Salt Rounds
Moderate
GHSA-x2g5-fvc2-gqvp
was published
for
flowise
(npm)
Mar 5, 2026
NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
Moderate
CVE-2026-24767
was published
for
nocodb
(npm)
Jan 28, 2026
ProTip!
Advisories are also available from the
GraphQL API