GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

51 advisories

Credited to sour-exploit
LangGraph SDK has unsafe URL path construction Moderate
CVE-2026-48776 was published for langgraph-sdk (pip) Jun 25, 2026
Credited to pucagit
PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands Moderate
CVE-2026-56074 was published for praisonaiagents (pip) Apr 10, 2026
Credited to offset
Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands Moderate
GHSA-x44p-gg67-52fc was published for praisonai (pip) Jun 19, 2026 withdrawn
Open WebUI: Any authenticated user can read other users' private notes via Socket.IO Moderate
CVE-2026-54022 was published for open-webui (pip) Jun 17, 2026
Credited to johnatzeropath and LeftenantZero
Credited to brodmart and Classic298
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO Moderate
CVE-2026-44564 was published for open-webui (pip) May 8, 2026
Credited to Classic298
Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect Moderate
CVE-2026-44681 was published for authlib (pip) May 13, 2026
Credited to y011d4
Credited to offset
Credited to aliceQWAS and Classic298
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels Moderate
CVE-2026-44561 was published for open-webui (pip) May 8, 2026
Credited to Classic298
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection Moderate
CVE-2026-44557 was published for open-webui (pip) May 8, 2026
Credited to Classic298
Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants Moderate
CVE-2026-44558 was published for open-webui (pip) May 8, 2026
Credited to Classic298
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql` Moderate
CVE-2026-42032 was published for ckan (pip) Apr 30, 2026
Credited to ddd
pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions Moderate
CVE-2026-40071 was published for pyload-ng (pip) Apr 8, 2026
Credited to komi22
openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers Moderate
GHSA-c65f-x25w-62jv was published for openssl-encrypt (pip) Apr 1, 2026
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
Credited to oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
Credited to oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
Credited to oscerd
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions Moderate
CVE-2015-5251 was published for glance (pip) May 17, 2022
Credited to priteau
trytond does not enforce access rights for data export Moderate
CVE-2025-66424 was published for trytond (pip) Nov 30, 2025
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025