GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
High
CVE-2026-46432
was published
for
lmdeploy
(pip)
May 21, 2026
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
Moderate
CVE-2026-47390
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Critical
CVE-2026-47396
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Moderate
CVE-2026-47395
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
High
CVE-2026-47394
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
High
CVE-2026-47399
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
High
CVE-2026-47405
was published
for
praisonai-platform
(pip)
May 29, 2026
ProTip!
Advisories are also available from the
GraphQL API