GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
Weblate: Privilege escalation in the user API endpoint
High | CVE-2026-34393 was published for weblate (pip) | Apr 16, 2026
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
High | CVE-2026-47412 was published for praisonai-platform (pip) | Jun 1, 2026
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
High | CVE-2026-47409 was published for praisonai-platform (pip) | May 29, 2026
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
High | CVE-2026-45675 was published for open-webui (pip) | May 14, 2026
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
High | CVE-2026-43978 was published for wger (pip) | May 14, 2026
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
High | CVE-2026-33509 was published for pyload-ng (pip) | Mar 20, 2026
Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
High | CVE-2025-70887 was published for signify (pip) | Mar 25, 2026
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
High | CVE-2025-57760 was published for langflow (pip) | Aug 25, 2025
Open WebUI Allows Admin Deletion via API Endpoint
High | CVE-2024-7039 was published for open-webui (pip) | Mar 20, 2025
OpenStack Kolla sudo privilege escalation vulnerability
High | CVE-2022-38060 was published for kolla (pip) | Dec 21, 2022
Improper Access Control in Apache Airflow
High | CVE-2021-26559 was published for apache-airflow (pip) | Apr 7, 2021
SciPy creates insecure temporary directories
High | CVE-2013-4251 was published for scipy (pip) | May 5, 2022
OctoPrint Improper Privilege Management vulnerability
High | CVE-2022-3068 was published for OctoPrint (pip) | Sep 22, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High | CVE-2020-12689 was published for keystone (pip) | May 24, 2022
Execution with Unnecessary Privileges in ipython
High | CVE-2022-21699 was published for ipython (pip) | Jan 21, 2022
Execution with Unnecessary Privileges in JupyterApp
High | CVE-2022-39286 was published for jupyter-core (pip) | Oct 26, 2022
Incorrect Session Validation in Apache Airflow
High | CVE-2020-17526 was published for apache-airflow (pip) | Apr 20, 2021
APM Java Agent Local Privilege Escalation
High | CVE-2021-37941 was published for elastic-apm (pip) | Dec 9, 2021
ClusterLabs crmsh vulnerable to shell code injection
High | CVE-2020-35459 was published for crmsh (pip) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.