
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,226 advisories

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter (Severity: Critical)
GHSA-5882-5rx9-xgxp was published for Crawl4AI (pip) Jan 16, 2026
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs (Severity: High)
GHSA-vx9w-5cx4-9796 was published for crawl4ai (pip) Jan 16, 2026
pyasn1 has a DoS vulnerability in decoder (Severity: High)
CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026
Credited to tsigouris007
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command (Severity: High)
CVE-2026-23535 was published for wlc (pip) Jan 16, 2026
Credited to Zee99y and nijel
Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard (Severity: Moderate)
CVE-2026-23528 was published for distributed (pip) Jan 16, 2026
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated (Severity: High)
CVE-2025-68438 was published for apache-airflow (pip) Jan 16, 2026
Apache Airflow proxy credentials for various providers might leak in task logs (Severity: High)
CVE-2025-68675 was published for apache-airflow (pip) Jan 16, 2026
BlackSheep's ClientSession is vulnerable to CRLF injection (Severity: Moderate)
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
Credited to tr4ce-ju
Weblate leaks information via screenshots (Severity: Low)
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
Credited to nijel and amCap1712
Chainlit contains an authorization bypass vulnerability (Severity: Low)
CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE (Severity: High)
CVE-2026-22871 was published for guarddog (pip) Jan 13, 2026
Credited to dwBruijn
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS (Severity: High)
CVE-2026-22870 was published for guarddog (pip) Jan 13, 2026
Credited to dwBruijn
jaraco.context Has a Path Traversal Vulnerability (Severity: High)
GHSA-58pv-8j8x-9vj2 was published for jaraco.context (pip) Jan 13, 2026
Credited to tsigouris007
Azure Core is vulnerable to deserialization of untrusted data (Severity: High)
CVE-2026-21226 was published for azure-core (pip) Jan 13, 2026
hermes's raw options logging may disclose secrets passed in via subcommand options argument (Severity: Moderate)
CVE-2026-22798 was published for hermes (pip) Jan 13, 2026
Credited to thunze, sdruskat, and zyzzyxdonta
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler (Severity: High)
CVE-2026-22777 was published for comfy-cli (pip) Jan 13, 2026
virtualenv Has TOCTOU Vulnerabilities in Directory Creation (Severity: Moderate)
CVE-2026-22702 was published for virtualenv (pip) Jan 13, 2026
Credited to tsigouris007
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock (Severity: Moderate)
CVE-2026-22701 was published for filelock (pip) Jan 13, 2026
Credited to tsigouris007
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions (Severity: Moderate)
CVE-2026-22773 was published for vllm (pip) Jan 13, 2026
Credited to oxcabe, Isotr0py, and DarkLight1337
Weblate wlc has insecure API key configuration (Severity: Moderate)
CVE-2026-22251 was published for wlc (pip) Jan 12, 2026
Credited to nijel and Zee99y
Weblate command-line client susceptible to SSL verification skip (Severity: Low)
CVE-2026-22250 was published for wlc (pip) Jan 12, 2026
Credited to nijel and Zee99y
Credited to david3107
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS (Severity: High)
CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026
Credited to locus-x64
MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation (Severity: High)
CVE-2025-14279 was published for mlflow (pip) Jan 12, 2026