Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} High
CVE-2026-47412 was published for praisonai-platform (pip) Jun 1, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members Critical
CVE-2026-47413 was published for praisonai-platform (pip) Jun 1, 2026
praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} Moderate
CVE-2026-47411 was published for praisonai-platform (pip) Jun 1, 2026
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} Critical
CVE-2026-47416 was published for praisonai-platform (pip) May 29, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role High
CVE-2026-47409 was published for praisonai-platform (pip) May 29, 2026
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation Critical
CVE-2026-47407 was published for praisonai-platform (pip) May 29, 2026
spbavarva Credited to spbavarva
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts High
CVE-2026-45675 was published for open-webui (pip) May 14, 2026
sfwani Credited to sfwani and Classic298 Classic298 Classic298
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager High
CVE-2026-43978 was published for wger (pip) May 14, 2026
KadirArslan Credited to KadirArslan
ciguard: Container image runs as root (no USER directive) Low
CVE-2026-44218 was published for ciguard (pip) May 5, 2026
Weblate: Privilege escalation in the user API endpoint High
CVE-2026-34393 was published for weblate (pip) Apr 16, 2026
tikket1 Credited to tikket1, nijel, and DavidCarliez nijel nijel
DavidCarliez DavidCarliez
Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components High
CVE-2025-70887 was published for signify (pip) Mar 25, 2026
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration High
CVE-2026-33509 was published for pyload-ng (pip) Mar 20, 2026
offset Credited to offset
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
chaandrey Credited to chaandrey and jinglim jinglim jinglim
Open WebUI Allows Admin Deletion via API Endpoint High
CVE-2024-7039 was published for open-webui (pip) Mar 20, 2025
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
MobSF Local Privilege Escalation High
CVE-2025-24805 was published for mobsf (pip) Feb 5, 2025
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 Credited to n1k9, d-maurer, perrinjerome, and dataflake d-maurer d-maurer
perrinjerome perrinjerome dataflake dataflake
Improper Privilege Management in djangorestframework-simplejwt Low
CVE-2024-22513 was published for djangorestframework-simplejwt (pip) Mar 16, 2024
r3kumar Credited to r3kumar and dmdhrumilmistry dmdhrumilmistry dmdhrumilmistry
Improper Privilege Management in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 13, 2023
rosenblueh Credited to rosenblueh
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793 Credited to pan3793
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607 Credited to tdunlap607
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database