GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

249 advisories

nono-py vulnerable to authorization bypass / policy confusion Moderate
GHSA-9j7f-3r4p-pwh6 was published for nono-py (pip) Jun 26, 2026
OpenAM Authentication Bypass via MSISDN LDAP Injection High
CVE-2026-46619 was published for org.openidentityplatform.openam:openam-auth-msisdn (Maven) Jun 26, 2026
Credited to wodzen
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies Moderate
CVE-2026-48509 was published for MessagePack (NuGet) Jun 25, 2026
Credited to AArnott
praisonai-platform: default JWT signing secret 'dev-secret-change-me' enables token forgery Critical
GHSA-cwj8-7gp2-ggcw was published for praisonai-platform (pip) Jun 18, 2026
Credited to SnailSploit
praisonai-platform 0.1.4 still boots on the hardcoded JWT secret dev-secret-change-me (default-open production guard) Critical
GHSA-f38v-77qj-h4jq was published for praisonai-platform (pip) Jun 18, 2026
Credited to Yanchon918s
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call Critical
GHSA-j4f3-55x4-r6q2 was published for praisonai (npm) Jun 18, 2026
Credited to rexpository
praisonai: recipe serve auth middleware silently disables itself when no secret is set Critical
GHSA-j4hj-7hfh-g2f4 was published for praisonai (pip) Jun 18, 2026
Credited to SnailSploit
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size High
CVE-2026-44892 was published for io.netty:netty-codec-http3 (Maven) Jun 8, 2026
Credited to violetagg
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner Critical
CVE-2026-47668 was published for dbgate-serve (npm) Jun 5, 2026
Credited to benharvey-sage
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default Critical
CVE-2026-47393 was published for PraisonAI (pip) May 29, 2026
Credited to SnailSploit
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG)... Moderate Unreviewed
CVE-2026-24197 was published May 26, 2026
Credited to ibondarenko1
phpMyFAQ: Default Empty API Token Authentication Bypass High
CVE-2026-35672 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
Credited to guayu-kakeru
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS Moderate
CVE-2026-46430 was published for github.com/xyproto/algernon (Go) May 20, 2026
Credited to Dredsen
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication Moderate
GHSA-9v4j-7g44-qcqw was published for github.com/xyproto/algernon (Go) May 19, 2026
Credited to Dredsen
Algernon: Single-file mode unconditionally enables debug mode High
CVE-2026-45728 was published for github.com/xyproto/algernon (Go) May 19, 2026
Credited to Dredsen