GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 92; GitHub Actions 54; Go 4,217; Maven 5,000+; npm 5,000+; NuGet 1,021; pip 5,000+; Pub 13; RubyGems 1,103; Rust 1,443; Swift 61
Unreviewed advisories: All unreviewed 5,000+
54 advisories
Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
  High | CVE-2026-48508 | published for lemur (pip) | Jun 25, 2026

stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
  High | GHSA-6gqw-jqv7-v88m | published for stigmem-node (pip) | Jun 19, 2026
stigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)
  High | GHSA-xhv3-q4xx-349r | published for stigmem-node (pip) | Jun 19, 2026
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
  High | GHSA-7qw2-w5rc-37x2 | published for praisonai (pip) | Jun 18, 2026

PraisonAI Code agent tools fail open without a workspace boundary
  High | GHSA-gcq3-mfvh-3x25 | published for praisonai (pip) | Jun 18, 2026

PraisonAI: Compute-bridged file tools allow shell command injection
  High | GHSA-w6h2-fr4q-xvxv | published for praisonai (pip) | Jun 18, 2026

PraisonAI recipe.run_stream skips dangerous-tool policy enforcement
  High | GHSA-v847-hxxw-3pxg | published for praisonai (pip) | Jun 18, 2026

PraisonAI Slack app_mention bypasses configured user/channel authorization
  High | GHSA-qvpf-j64c-jmhr | published for praisonai (pip) | Jun 18, 2026

PraisonAI DiscordApproval accepts unrelated channel messages as dangerous-tool approvals
  High | GHSA-8579-rgg5-ph2m | published for praisonai (pip) | Jun 18, 2026

LiteLLM allows a user to modify their own user_role via the /user/update endpoint
  High | CVE-2026-47102 | published for litellm (pip) | May 21, 2026

LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit
  High | CVE-2026-47101 | published for litellm (pip) | May 21, 2026

wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
  High | GHSA-mw8f-w6p8-xrf4 | published for wger (pip) | May 20, 2026

Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
  High | CVE-2026-45672 | published for open-webui (pip) | May 14, 2026

Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
  High | CVE-2026-44553 | published for open-webui (pip) | May 8, 2026

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
  High | CVE-2026-40213 | published for openstack-cyborg (pip) | May 8, 2026

pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy via unrestricted `proxy.*` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
  High | CVE-2026-42313 | published for pyload-ng (pip) | May 4, 2026

OpenStack Keystone has an Incorrect Authorization Issue
  High | CVE-2026-43001 | published for keystone (pip) | May 1, 2026

CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
  High | CVE-2026-42031 | published for ckan (pip) | Apr 29, 2026

Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions
  High | CVE-2026-32228 | published for apache-airflow-core (pip) | Apr 18, 2026

PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution
  High | GHSA-qwgj-rrpj-75xm | published for PraisonAI (pip) | Apr 10, 2026

pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)
  High | CVE-2026-35464 | published for pyload-ng (pip) | Apr 4, 2026

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
  High | CVE-2026-35029 | published for litellm (pip) | Apr 3, 2026

FastMCP OAuth Proxy token reuse across MCP servers
  High | CVE-2025-69196 | published for fastmcp (pip) | Mar 16, 2026

PyJWT accepts unknown `crit` header extensions
  High | CVE-2026-32597 | published for PyJWT (pip) | Mar 13, 2026

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
  High | CVE-2026-23984 | published for apache-superset (pip) | Feb 24, 2026
ProTip! Advisories are also available from the GraphQL API.