GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
86 advisories
Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
High | CVE-2026-54317 was published for homeassistant (pip) | Jun 19, 2026

PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
High | GHSA-jxcw-qp4h-6jfq was published for praisonai (pip) | Jun 18, 2026

PraisonAI Code agent tools fail open without a workspace boundary
High | GHSA-gcq3-mfvh-3x25 was published for praisonai (pip) | Jun 18, 2026

PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage
High | GHSA-j7qx-p75m-wp7g was published for praisonai (pip) | Jun 18, 2026

PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path traversal
High | GHSA-22cj-m4wf-fv2c was published for praisonai (pip) | Jun 18, 2026

Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution
High | GHSA-f989-c77f-r2cq was published for crawl4ai (pip) | Jun 16, 2026

Glances exposes the REST API without authentication
High | CVE-2026-32596 was published for Glances (pip) | Mar 16, 2026

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
High | CVE-2026-49853 was published for tornado (pip) | Jun 15, 2026

NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
High | CVE-2026-45553 was published for nicegui (pip) | May 18, 2026

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
High | CVE-2025-68438 was published for apache-airflow (pip) | Jan 16, 2026

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
High | CVE-2026-47394 was published for PraisonAI (pip) | May 29, 2026

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
High | CVE-2026-45539 was published for apm (pip) | May 18, 2026

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
High | CVE-2026-44431 was published for urllib3 (pip) | May 11, 2026

wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
High | CVE-2026-43977 was published for wger (pip) | May 14, 2026

Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
High | CVE-2026-34839 was published for Glances (pip) | Apr 21, 2026

Weblate: Arbitrary File Read via Symlink
High | CVE-2026-34242 was published for weblate (pip) | Apr 16, 2026

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
High | CVE-2026-39889 was published for praisonai (pip) | Apr 8, 2026

LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High | GHSA-69x8-hrgq-fjj8 was published for litellm (pip) | Apr 8, 2026

MLFlow allows Tracing + Assessments Access
High | CVE-2025-15381 was published for mlflow (pip) | Mar 27, 2026

Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
High | CVE-2026-33981 was published for changedetection.io (pip) | Mar 27, 2026

Scrapy authorization header leakage on cross-domain redirect
High | CVE-2024-3574 was published for scrapy (pip) | Feb 15, 2024

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High | CVE-2026-32609 was published for Glances (pip) | Mar 16, 2026

Glances Exposes Unauthenticated Configuration Secrets
High | CVE-2026-30928 was published for glances (pip) | Mar 9, 2026

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
High | CVE-2026-30244 was published for plane (pip) | Mar 5, 2026

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
High | CVE-2026-23984 was published for apache-superset (pip) | Feb 24, 2026
ProTip! Advisories are also available from the GraphQL API