GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Weblate: Privilege escalation in the user API endpoint High
CVE-2026-34393 was published for weblate (pip) Apr 16, 2026
Credited to tikket1, nijel, and DavidCarliez
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} High
CVE-2026-47412 was published for praisonai-platform (pip) Jun 1, 2026
Credited to offset and 0xEr3n
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts High
CVE-2026-45675 was published for open-webui (pip) May 14, 2026
Credited to sfwani and Classic298
Credited to KadirArslan
Credited to offset
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
Credited to chaandrey and jinglim
Open WebUI Allows Admin Deletion via API Endpoint High
CVE-2024-7039 was published for open-webui (pip) Mar 20, 2025
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
MobSF Local Privilege Escalation High
CVE-2025-24805 was published for mobsf (pip) Feb 5, 2025
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
Credited to sunSUNQ
SciPy creates insecure temporary directories High
CVE-2013-4251 was published for scipy (pip) May 5, 2022
Plone Privilege Escalation High
CVE-2020-7938 was published for Plone (pip) May 24, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context High
CVE-2020-12689 was published for keystone (pip) May 24, 2022
Execution with Unnecessary Privileges in ipython High
CVE-2022-21699 was published for ipython (pip) Jan 21, 2022
Credited to mlucool and quarl
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
Credited to sunSUNQ
APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022