GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
440 advisories
AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py
Severity: Low. CVE-2026-8754 was published for AstrBot (pip) on May 17, 2026.
Prefect Git Argument Injection in GitRepository Pull Steps
Severity: Low. CVE-2026-7725 was published for prefect (pip) on May 4, 2026.
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
Severity: Low. CVE-2026-7724 was published for prefect (pip) on May 4, 2026.
Crawlee for Python: SSRF via sitemap-derived URLs
Severity: Low. CVE-2026-46497 was published for crawlee (pip) on May 21, 2026.
Open redirect endpoint in Datasette
Severity: Low. CVE-2025-64481 was published for datasette (pip) on Nov 6, 2025.
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Severity: Low. CVE-2026-45316 was published for open-webui (pip) on May 14, 2026.
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Severity: Low. CVE-2026-45739 was published for strawberry-graphql (pip) on May 19, 2026.
ciguard: discover_pipeline_files follows symlinks out of scan root
Severity: Low. CVE-2026-44220 was published for ciguard (pip) on May 5, 2026.
ciguard: Container image runs as root (no USER directive)
Severity: Low. CVE-2026-44218 was published for ciguard (pip) on May 5, 2026.
dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
Severity: Low. CVE-2026-44970 was published for dbt-mcp (pip) on May 14, 2026.
dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
Severity: Low. CVE-2026-44969 was published for dbt-mcp (pip) on May 14, 2026.
Microdot has HTTP response splitting in Response.set_cookie()
Severity: Low. CVE-2026-42874 was published for microdot (pip) on May 5, 2026.
OSGeo GDAL vulnerable to out-of-bounds read
Severity: Low. CVE-2026-8088 was published for GDAL (pip) on May 7, 2026.
OSGeo GDAL vulnerable to heap-based buffer overflow
Severity: Low. CVE-2026-8087 was published for GDAL (pip) on May 7, 2026.
Paramiko rsakey.py allows the SHA-1 algorithm
Severity: Low. CVE-2026-44405 was published for paramiko (pip) on May 6, 2026.
Langchain-Chatchat Uses Insufficiently Random Values
Severity: Low. CVE-2026-7847 was published for langchain-chatchat (pip) on May 5, 2026.
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
Severity: Low. CVE-2026-7846 was published for langchain-chatchat (pip) on May 5, 2026.
Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
Severity: Low. CVE-2026-7845 was published for langchain-chatchat (pip) on May 5, 2026.
Django Uses Cache Containing Sensitive Information
Severity: Low. CVE-2026-6907 was published for Django (pip) on May 5, 2026.
Django Uses Persistent Cookies Containing Sensitive Information
Severity: Low. CVE-2026-35192 was published for Django (pip) on May 5, 2026.
justhtml introduces denial-of-service hardening
Severity: Low. GHSA-r8cj-3554-33mr was published for justhtml (pip) on May 8, 2026.
mem0ai mem0 has an Improper Input Validation Issue
Severity: Low. CVE-2026-7597 was published for mem0ai (pip) on May 2, 2026.
Hugging Face Smolagents has a Server-Side Request Forgery issue
Severity: Low. CVE-2026-2654 was published for smolagents (pip) on Feb 18, 2026.
django-mdeditor is Missing Authentication for Critical Function
Severity: Low. CVE-2025-13030 was published for django-mdeditor (pip) on Apr 30, 2026.
Hugging Face Smolagents has an Injection issue
Severity: Low. CVE-2026-4963 was published for smolagents (pip) on Mar 27, 2026.
ProTip! Advisories are also available from the GraphQL API.