GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
High
CVE-2026-46439
was published
for
compliance-trestle
(pip)
May 28, 2026
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
Moderate
CVE-2026-46380
was published
for
compliance-trestle
(pip)
May 28, 2026
compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
High
CVE-2026-46345
was published
for
compliance-trestle
(pip)
May 28, 2026
PyLoad Vulnerable to Path Traversal via Package Folder Name
Moderate
CVE-2026-42314
was published
for
pyload-ng
(pip)
May 5, 2026
PraisonAI has critical RCE via `type: job` workflow YAML
Critical
CVE-2026-40288
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Vulnerable to RCE via Automatic tools.py Import
High
CVE-2026-40287
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution
Moderate
CVE-2026-40159
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High
CVE-2026-40156
was published
for
praisonai
(pip)
Apr 10, 2026
PraisonAI Vulnerable Untrusted Remote Template Code Execution
Critical
CVE-2026-40154
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
High
CVE-2026-40158
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Vulnerable to OS Command Injection
Critical
CVE-2026-40088
was published
for
PraisonAI
(pip)
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API