GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
Credited to ahpaleus and Vasco-jofra
Flask-CORS allows for inconsistent CORS matching Moderate
CVE-2024-6844 was published for flask-cors (pip) Mar 20, 2025
Credited to adrianosela
Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass Moderate
CVE-2026-25604 was published for apache-airflow-providers-amazon (pip) Mar 9, 2026
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
Credited to offset
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies Moderate
CVE-2026-47265 was published for aiohttp (pip) Jun 3, 2026
Credited to Dreamsorcerer
Improper Authentication and Origin Validation Error in pyload-ng Moderate
CVE-2026-33314 was published for pyload-ng (pip) Mar 19, 2026
Credited to Jaynornj and Pr00fOf3xpl0it
Credited to offset
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens Moderate
CVE-2026-55837 was published for dbt-mcp (pip) Jun 19, 2026
Credited to EQSTLab
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack Moderate
CVE-2026-46611 was published for glances (pip) Jun 22, 2026
Credited to sectroyer