
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,096 advisories

GPT-Pilot contains a command injection vulnerability in the Executor.run() method Moderate
CVE-2026-31246 was published for gpt-pilot (pip) May 11, 2026
mem0 server lacks authentication and authorization controls for its memory creation API endpoint Moderate
CVE-2026-31245 was published for mem0ai (pip) May 12, 2026
mem0 server lacks authentication and authorization controls for its memory deletion API endpoint Moderate
CVE-2026-31241 was published for mem0ai (pip) May 12, 2026
Credited to 0xHunSec
Weblate has a Server-Side Request Forgery issue Moderate
CVE-2025-66407 was published for Weblate (pip) May 26, 2026
Credited to secjson and nijel
instagrapi: Unsafe signup challenge path handling in instagrapi Moderate
GHSA-ggxf-37hm-9wqf was published for instagrapi (pip) May 23, 2026
Credited to trophyxxx
aiograpi: Unsafe signup challenge path handling Moderate
CVE-2026-47157 was published for aiograpi (pip) May 23, 2026
Credited to trophyxxx
Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance Moderate
CVE-2026-46715 was published for Flask-Security-Too (pip) May 22, 2026
Credited to 0xHunSec
Prefect Unauthenticated Event Injection via /api/events/in WebSocket Moderate
CVE-2026-7723 was published for prefect (pip) May 4, 2026
Credited to nedlir
Prefect Auth Bypass via endswith() Health Check Exemption Moderate
CVE-2026-7722 was published for prefect (pip) May 4, 2026
Credited to nedlir
apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider Moderate
CVE-2026-41016 was published for apache-airflow-providers-smtp (pip) Apr 30, 2026
Credited to francisbergin
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) Moderate
CVE-2026-46678 was published for pydantic-ai (pip) May 21, 2026
Credited to j0hndo
SQLAdmin: Authorization Bypass on `ajax_lookup` Moderate
CVE-2026-46645 was published for sqladmin (pip) May 21, 2026
FlaskBB: SSRF in get_image_info() via unrestricted avatar URL Moderate
CVE-2026-46556 was published for flaskbb (pip) May 21, 2026
Credited to woohyunchoi-kentech, programsurf, and yoonsh
pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API Moderate
CVE-2026-46561 was published for pyload-ng (pip) May 21, 2026
Credited to offset
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler Moderate
CVE-2026-8597 was published for sagemaker (pip) May 21, 2026
Mistune Image Directive CSS Injection Vulnerability Moderate
CVE-2026-44899 was published for mistune (pip) May 14, 2026
Credited to QiaoNPC and Across-Verticals-Malaysia
Mistune TOC Anchor Injection XSS Moderate
CVE-2026-44898 was published for mistune (pip) May 14, 2026
Credited to QiaoNPC and Across-Verticals-Malaysia
Mistune Heading ID Attribute has Injection XSS Moderate
CVE-2026-44897 was published for mistune (pip) May 9, 2026
Credited to QiaoNPC and Across-Verticals-Malaysia
Mistune Math Plugin has an XSS Escape Bypass Moderate
CVE-2026-44708 was published for mistune (pip) May 8, 2026
Credited to QiaoNPC and Across-Verticals-Malaysia
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for Quart (pip) Oct 25, 2024
Credited to defnull and levpachmanov
Credited to psrok1, davidism, and levpachmanov
Credited to amine-malloul-gira and tsokalski
OpenStack Nova Information leak in libvirt LVM-backed instances Moderate
CVE-2012-5625 was published for nova (pip) May 17, 2022