GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
34 advisories
CKAN contains Improper Authentication leading to account takeover
High severity: CVE-2022-43685 was published for ckan (pip) on Nov 22, 2022

pgadmin4 vulnerable to Code Injection
High severity: CVE-2022-4223 was published for pgadmin4 (pip) on Dec 13, 2022

Synapse does not apply enough checks to servers requesting auth events of events in a room
High severity: CVE-2022-39335 was published for matrix-synapse (pip) on May 24, 2023

Apache Airflow: Bypass permission verification to read code of other dags
High severity: CVE-2023-50944 was published for apache-airflow (pip) on Jan 24, 2024

Open WebUI Allows Arbitrary File Reading and Deletion
High severity: CVE-2024-7043 was published for open-webui (pip) on Mar 20, 2025

Backend.AI Missing Authorization vulnerability
High severity: CVE-2025-49651 was published for backend.ai (pip) on Jun 9, 2025

Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
High severity: CVE-2025-57817 was published for ethyca-fides (pip) on Sep 8, 2025

Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
High severity: CVE-2026-30911 was published for apache-airflow (pip) on Mar 17, 2026

langflow has Unauthenticated IDOR on Image Downloads
High severity: CVE-2026-33484 was published for langflow (pip) on Mar 20, 2026

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
High severity: CVE-2026-34046 was published for langflow (pip) on Mar 27, 2026

Ajenti has an authorization bypass during custom package installation
High severity: CVE-2026-35175 was published for ajenti-panel (pip) on Apr 3, 2026

wger has Broken Access Control in Global Gym Configuration Update Endpoint
High severity: CVE-2026-40474 was published for wger (pip) on Apr 16, 2026

Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining
High severity: CVE-2026-44555 was published for open-webui (pip) on May 8, 2026

Open WebUI's responses passthrough endpoint lacks access control authorization
High severity: CVE-2026-44556 was published for open-webui (pip) on May 8, 2026

Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
High severity: CVE-2026-44554 was published for open-webui (pip) on May 8, 2026

Open WebUI has Improper Authorization Control
High severity: CVE-2026-44567 was published for open-webui (pip) on May 8, 2026

Open WebUI's Insecure Message Access Breaks Authorization
High severity: CVE-2026-44569 was published for open-webui (pip) on May 11, 2026

Open WebUI's chat completion API allows tool restrictions to be bypassed
High severity: CVE-2026-45350 was published for open-webui (pip) on May 14, 2026

Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
High severity: CVE-2026-45399 was published for open-webui (pip) on May 14, 2026

wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
High severity: GHSA-mw8f-w6p8-xrf4 was published for wger (pip) on May 20, 2026

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
High severity: CVE-2026-47394 was published for PraisonAI (pip) on May 29, 2026

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
High severity: CVE-2026-48169 was published for praisonai-platform (pip) on May 29, 2026

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
High severity: CVE-2026-47405 was published for praisonai-platform (pip) on May 29, 2026

ProTip! Advisories are also available from the GraphQL API.