GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

86 advisories

Credited to Har1sh-k

PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default (High)
GHSA-jxcw-qp4h-6jfq was published for praisonai (pip) on Jun 18, 2026
Credited to rexpository

PraisonAI Code agent tools fail open without a workspace boundary (High)
GHSA-gcq3-mfvh-3x25 was published for praisonai (pip) on Jun 18, 2026
Credited to rexpository

PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage (High)
GHSA-j7qx-p75m-wp7g was published for praisonai (pip) on Jun 18, 2026
Credited to rexpository

Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution (High)
GHSA-f989-c77f-r2cq was published for crawl4ai (pip) on Jun 16, 2026
Credited to geo-chen

Glances exposes the REST API without authentication (High)
CVE-2026-32596 was published for Glances (pip) on Mar 16, 2026
Credited to DhiyaneshGeek and neo-ai-engineer

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient (High)
CVE-2026-49853 was published for tornado (pip) on Jun 15, 2026
Credited to noobone123, SnailSploit, 0xHunSec, and sondt99

NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text() (High)
CVE-2026-45553 was published for nicegui (pip) on May 18, 2026
Credited to dennyabrahamsinaga, falkoschindler, h3ri0s, and evnchn

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated (High)
CVE-2025-68438 was published for apache-airflow (pip) on Jan 16, 2026
Credited to beanduan22

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects (High)
CVE-2026-44431 was published for urllib3 (pip) on May 11, 2026
Credited to christos-spearbit, illia-v, and sethmlarson
Credited to KadirArslan
Credited to Venukamatchi

Weblate: Arbitrary File Read via Symlink (High)
CVE-2026-34242 was published for weblate (pip) on Apr 16, 2026
Credited to DavidCarliez

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server (High)
CVE-2026-39889 was published for praisonai (pip) on Apr 8, 2026
Credited to srisowmya2000

LiteLLM: Password hash exposure and pass-the-hash authentication bypass (High)
GHSA-69x8-hrgq-fjj8 was published for litellm (pip) on Apr 8, 2026

MLFlow allows Tracing + Assessments Access (High)
CVE-2025-15381 was published for mlflow (pip) on Mar 27, 2026

Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters (High)
CVE-2026-33981 was published for changedetection.io (pip) on Mar 27, 2026
Credited to sajdakabir and zerotrail-ai

Scrapy authorization header leakage on cross-domain redirect (High)
CVE-2024-3574 was published for scrapy (pip) on Feb 15, 2024
Credited to ranjit-git
Credited to offset

Glances Exposes Unauthenticated Configuration Secrets (High)
CVE-2026-30928 was published for glances (pip) on Mar 9, 2026
Credited to theamanrawat and neo-ai-engineer

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure (High)
CVE-2026-30244 was published for plane (pip) on Mar 5, 2026
Credited to Sanu1999

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections (High)
CVE-2026-23984 was published for apache-superset (pip) on Feb 24, 2026