GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
15 advisories
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
High
CVE-2026-40114
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
High
GHSA-x462-jjpc-q4q4
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution
High
GHSA-qwgj-rrpj-75xm
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
High
CVE-2026-40153
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
High
CVE-2026-40149
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
High
CVE-2026-40150
was published
for
praisonaiagents
(pip)
Apr 10, 2026
PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
High
CVE-2026-40116
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI has Template Injection in Agent Tool Definitions
High
CVE-2026-39891
was published
for
praisonai
(pip)
Apr 8, 2026
BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation
High
CVE-2026-35044
was published
for
bentoml
(pip)
Apr 3, 2026
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
High
CVE-2026-33509
was published
for
pyload-ng
(pip)
Mar 20, 2026
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High
CVE-2026-32609
was published
for
Glances
(pip)
Mar 16, 2026
Glances has a Command Injection via Process Names in Action Command Templates
High
CVE-2026-32608
was published
for
Glances
(pip)
Mar 16, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
High
CVE-2026-32611
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High
CVE-2026-32610
was published
for
Glances
(pip)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API