GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Parse Server: Pre-authentication denial of service via client version header regex backtracking
High
CVE-2026-47138
was published
for
parse-server
(npm)
May 23, 2026
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
High
CVE-2026-44339
was published
for
PraisonAI
(pip)
May 11, 2026
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
Moderate
CVE-2026-44337
was published
for
PraisonAI
(pip)
May 11, 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
High
CVE-2026-44338
was published
for
PraisonAI
(pip)
May 11, 2026
open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
High
CVE-2026-42260
was published
for
open-websearch
(npm)
May 5, 2026
pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy via unrestricted `proxy.*` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
High
CVE-2026-42313
was published
for
pyload-ng
(pip)
May 4, 2026
pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Moderate
CVE-2026-42312
was published
for
pyload-ng
(pip)
May 4, 2026
ProTip!
Advisories are also available from the
GraphQL API