GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
15 advisories
Glances has a Command Injection via Process Names in Action Command Templates
High
CVE-2026-32608
was published
for
Glances
(pip)
Mar 16, 2026
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High
CVE-2026-32609
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High
CVE-2026-32610
was published
for
Glances
(pip)
Mar 16, 2026
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
High
CVE-2026-32611
was published
for
Glances
(pip)
Mar 16, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
High
CVE-2026-33509
was published
for
pyload-ng
(pip)
Mar 20, 2026
BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation
High
CVE-2026-35044
was published
for
bentoml
(pip)
Apr 3, 2026
PraisonAI has Template Injection in Agent Tool Definitions
High
CVE-2026-39891
was published
for
praisonai
(pip)
Apr 8, 2026
PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
High
CVE-2026-40116
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
High
CVE-2026-40150
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
High
CVE-2026-40149
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
High
CVE-2026-40153
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution
High
GHSA-qwgj-rrpj-75xm
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
High
GHSA-x462-jjpc-q4q4
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
High
CVE-2026-40114
was published
for
PraisonAI
(pip)
Apr 10, 2026
ProTip!
Advisories are also available from the
GraphQL API