GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership Moderate
CVE-2026-47408 was published for praisonai-platform (pip) May 29, 2026
Open WebUI has an Indirect Object Reference (IDOR) in user notes Moderate
CVE-2026-45666 was published for open-webui (pip) May 14, 2026
Credited to zeeshanyshaikh
Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint Moderate
CVE-2026-45386 was published for open-webui (pip) May 14, 2026
Credited to kikayli and Classic298
Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint Moderate
CVE-2026-45385 was published for open-webui (pip) May 14, 2026
Credited to kikayli and Classic298
OpenStack Keystone intended authorization restrictions bypass Moderate
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup Moderate
CVE-2026-27839 was published for wger (pip) Feb 26, 2026
Credited to ByamB4
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data Moderate
CVE-2026-27835 was published for wger (pip) Feb 26, 2026
Credited to ByamB4
Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning Moderate
CVE-2025-69207 was published for khoj (pip) Feb 2, 2026
Credited to Cillian-Collins
askbot inexhaustive permissions check allows any user to modify a different user's profile picture Moderate
CVE-2026-1213 was published for askbot (pip) Jan 27, 2026
open-webui Insecure Direct Object Reference (IDOR) vulnerability Moderate
CVE-2024-7041 was published for open-webui (pip) Oct 9, 2024
Indico may disclose unauthorized user details access via legacy API Moderate
CVE-2025-59034 was published for indico (pip) Sep 10, 2025
Credited to inkz
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
Credited to rafaelcorvino1, rildosouza, and nmmorette
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
Credited to adventure8812 and r0path
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
Credited to GeorgianaElena and yuvipanda