GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
227 advisories
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
High
CVE-2026-34839
was published
for
Glances
(pip)
Apr 21, 2026
Weblate: SSRF via Project-Level Machinery Configuration
Moderate
CVE-2026-34244
was published
for
weblate
(pip)
Apr 16, 2026
Weblate: Arbitrary File Read via Symlink
High
CVE-2026-34242
was published
for
weblate
(pip)
Apr 16, 2026
Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository
Moderate
CVE-2026-33220
was published
for
weblate
(pip)
Apr 16, 2026
LangSmith SDK: Streaming token events bypass output redaction
Moderate
CVE-2026-41182
was published
for
langsmith
(npm)
Apr 16, 2026
PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution
Moderate
CVE-2026-40159
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Moderate
CVE-2026-40151
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
High
CVE-2026-39889
was published
for
praisonai
(pip)
Apr 8, 2026
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Low
CVE-2026-34518
was published
for
aiohttp
(pip)
Apr 1, 2026
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
High
CVE-2026-33981
was published
for
changedetection.io
(pip)
Mar 27, 2026
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical
CVE-2026-32633
was published
for
Glances
(pip)
Mar 16, 2026
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
High
CVE-2026-32609
was published
for
Glances
(pip)
Mar 16, 2026
Glances exposes the REST API without authentication
High
CVE-2026-32596
was published
for
Glances
(pip)
Mar 16, 2026
Glances Exposes Unauthenticated Configuration Secrets
High
CVE-2026-30928
was published
for
glances
(pip)
Mar 9, 2026
Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
High
CVE-2026-30244
was published
for
plane
(pip)
Mar 5, 2026
mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
Moderate
CVE-2026-29787
was published
for
mcp-memory-service
(pip)
Mar 5, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415
was published
for
gradio
(pip)
Mar 1, 2026
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate
CVE-2026-27457
was published
for
weblate
(pip)
Feb 26, 2026
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
High
CVE-2026-1669
was published
for
keras
(pip)
Feb 18, 2026
ProTip!
Advisories are also available from the
GraphQL API