GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Apache Shiro has an Authentication Bypass (Moderate severity)
CVE-2026-23903 was published for org.apache.shiro:shiro-spring (Maven) on Feb 9, 2026
Credited to saivarun3407
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users (Moderate severity)
CVE-2026-24098 was published for apache-airflow (pip) on Feb 9, 2026
Credited to saivarun3407
Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access (Moderate severity)
CVE-2026-22922 was published for apache-airflow (pip) on Feb 9, 2026
Credited to saivarun3407 and tei-dunamu
MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access (Moderate severity)
CVE-2026-25904 was published for mcp-run-python (pip) on Feb 9, 2026
Credited to saivarun3407
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability (Moderate severity)
CVE-2026-25905 was published for mcp-run-python (pip) on Feb 9, 2026
Credited to saivarun3407
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions (High severity)
CVE-2026-1615 was published for jsonpath (npm) on Feb 9, 2026
Credited to saivarun3407
Keylime Missing Authentication for Critical Function and Improper Authentication (Critical severity)
CVE-2026-1709 was published for keylime (pip) on Feb 6, 2026
Credited to saivarun3407 and Death-Incarnate