Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands Moderate
GHSA-ffp3-3562-8cv3 was published for praisonaiagents (pip) Apr 10, 2026
offset Credited to offset
PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits Moderate
CVE-2026-40148 was published for PraisonAI (pip) Apr 10, 2026
offset Credited to offset
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary Moderate
CVE-2026-40152 was published for praisonaiagents (pip) Apr 10, 2026
offset Credited to offset
PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS Moderate
CVE-2026-40151 was published for PraisonAI (pip) Apr 10, 2026
offset Credited to offset
PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate Moderate
CVE-2026-40117 was published for praisonaiagents (pip) Apr 10, 2026
offset Credited to offset
PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) Moderate
CVE-2026-40112 was published for PraisonAI (pip) Apr 10, 2026
offset Credited to offset
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling Moderate
GHSA-766v-q9x3-g744 was published for praisonaiagents (pip) Apr 8, 2026
offset Credited to offset
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows Moderate
CVE-2026-39844 was published for nicegui (pip) Apr 8, 2026
offset Credited to offset, evnchn, and falkoschindler evnchn evnchn
falkoschindler falkoschindler
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass Moderate
CVE-2026-35592 was published for pyload-ng (pip) Apr 8, 2026
offset Credited to offset
pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng Moderate
CVE-2026-35586 was published for pyload-ng (pip) Apr 8, 2026
offset Credited to offset
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
offset Credited to offset
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
offset Credited to offset
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database