Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass Critical
GHSA-4869-x4pr-q22x was published for praisonai (pip) Jun 18, 2026
lc13n Credited to lc13n
changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering Critical
CVE-2026-35490 was published for changedetection.io (pip) Apr 6, 2026
axel-corsiez Credited to axel-corsiez
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation Critical
CVE-2026-47407 was published for praisonai-platform (pip) May 29, 2026
spbavarva Credited to spbavarva
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass Critical
CVE-2026-43948 was published for wger (pip) May 6, 2026
whatisproblem Credited to whatisproblem
Codechecker has an authentication bypass for certain API calls Critical
CVE-2026-25660 was published for codechecker (pip) May 5, 2026
mtolley Credited to mtolley
PraisonAI Has Authentication Bypass via OAuthManager.validate_token() Critical
CVE-2026-34953 was published for praisonai (pip) Apr 1, 2026
YeranG30 Credited to YeranG30
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Vyper has incorrectly allocated named re-entrancy locks Critical
CVE-2023-39363 was published for vyper (pip) Aug 9, 2023
trocher Credited to trocher
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Openstack Keystone Incorrect Authorization vulnerability Critical
CVE-2021-3563 was published for keystone (pip) Aug 27, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API