GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,742 advisories
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
High
CVE-2026-33509
was published
for
pyload-ng
(pip)
Mar 20, 2026
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
High
CVE-2026-33497
was published
for
langflow
(pip)
Mar 20, 2026
langflow has Unauthenticated IDOR on Image Downloads
High
CVE-2026-33484
was published
for
langflow
(pip)
Mar 20, 2026
pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
High
CVE-2026-32711
was published
for
pydicom
(pip)
Mar 20, 2026
Intake has a Command Injection via shell() Expansion in Parameter Defaults
High
CVE-2026-33310
was published
for
intake
(pip)
Mar 19, 2026
ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor
High
CVE-2026-27953
was published
for
ormar
(pip)
Mar 19, 2026
Unauthenticated remote shutdown in nltk.app.wordnet_app
High
CVE-2026-33231
was published
for
nltk
(pip)
Mar 19, 2026
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
High
CVE-2026-33155
was published
for
deepdiff
(pip)
Mar 18, 2026
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
High
CVE-2026-33154
was published
for
dynaconf
(pip)
Mar 18, 2026
PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution
High
CVE-2026-33139
was published
for
pyspector
(pip)
Mar 18, 2026
Frigte has broken access control viewer user can delete admin and other users account
High
CVE-2026-33125
was published
for
frigate
(pip)
Mar 18, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop
High
CVE-2026-32875
was published
for
ujson
(pip)
Mar 18, 2026
UltraJSON has a Memory Leak parsing large integers allows DoS
High
CVE-2026-32874
was published
for
ujson
(pip)
Mar 18, 2026
Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
High
CVE-2026-33053
was published
for
langflow
(pip)
Mar 18, 2026
Denial of Service in pyasn1 via Unbounded Recursion
High
CVE-2026-30922
was published
for
pyasn1
(pip)
Mar 17, 2026
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
High
GHSA-v7cf-c9rm-wm3j
was published
for
justhtml
(pip)
Mar 17, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
High
CVE-2026-32611
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High
CVE-2026-32610
was published
for
Glances
(pip)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API