GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 40
  GitHub Actions: 40
  Go: 2,974
  Maven: 5,000+
  npm: 4,621
  NuGet: 788
  pip: 4,317
  Pub: 12
  RubyGems: 984
  Rust: 1,131
  Swift: 49
Unreviewed advisories: 5,000+

1,758 advisories match the current filter; every entry listed below is rated Moderate.
Severity | Advisory | Package (ecosystem) | Published | Summary
Moderate | GHSA-27jp-wm6q-gp25 | sqlparse (pip) | Feb 13, 2026 | sqlparse: formatting list of tuples leads to denial of service
Moderate | CVE-2025-69872 | diskcache (pip) | Feb 11, 2026 | DiskCache has unsafe pickle deserialization
Moderate | CVE-2026-25528 | langsmith (npm) | Feb 9, 2026 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Moderate | CVE-2026-25480 | litestar (pip) | Feb 9, 2026 | Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Moderate | CVE-2026-25479 | litestar (pip) | Feb 9, 2026 | Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Moderate | CVE-2026-24098 | apache-airflow (pip) | Feb 9, 2026 | Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Moderate | CVE-2026-22922 | apache-airflow (pip) | Feb 9, 2026 | Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access
Moderate | CVE-2026-25904 | mcp-run-python (pip) | Feb 9, 2026 | MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Moderate | CVE-2026-25905 | mcp-run-python (pip) | Feb 9, 2026 | MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
Moderate | CVE-2026-25516 | nicegui (pip) | Feb 5, 2026 | NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Moderate | CVE-2026-25198 | web2py (pip) | Feb 5, 2026 | web2py has an Open Redirect Vulnerability
Moderate | CVE-2026-25517 | wagtail (pip) | Feb 3, 2026 | Wagtail has improper permission handling on admin preview endpoints
Moderate | GHSA-m7j5-r2p5-c39r | picklescan (pip) | Feb 2, 2026 | picklescan vulnerable to arbitrary file create using logging.FileHandler
Moderate | CVE-2025-69207 | khoj (pip) | Feb 2, 2026 | Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning
Moderate | CVE-2025-6208 | llama-index-core (pip) | Feb 2, 2026 | llama-index-core vulnerable to Uncontrolled Resource Consumption
Moderate | GHSA-h5qv-qjv4-pc5m | dfir-unfurl (pip) | Jan 29, 2026 | Unfurl's unbounded zlib decompression allows decompression bomb DoS
Moderate | GHSA-gpx9-96j6-pp87 | agentos-taskweaver (pip) | Jan 28, 2026 | TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Moderate | CVE-2026-23892 | OctoPrint (pip) | Jan 27, 2026 | OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Moderate | CVE-2026-1213 | askbot (pip) | Jan 27, 2026 | askbot inexhaustive permissions check allows any user to modify a different user's profile picture
Moderate | CVE-2026-24688 | pypdf (pip) | Jan 26, 2026 | pypdf has possible Infinite Loop when processing outlines/bookmarks
Moderate | CVE-2026-24489 | gakido (pip) | Jan 26, 2026 | Gakido vulnerable to HTTP Header Injection (CRLF Injection)
Moderate | CVE-2025-11687 | gi-docgen (pip) | Jan 26, 2026 | GI-DocGen vulnerable to Reflected XSS via unescaped query strings
Moderate | CVE-2025-67221 | orjson (pip) | Jan 22, 2026 | orjson does not limit recursion for deeply nested JSON documents
Moderate | CVE-2026-23986 | copier (pip) | Jan 21, 2026 | Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Advisories are also available programmatically from the GitHub GraphQL API.
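The note above says the same advisory data is reachable through the GraphQL API, which is how a practitioner would actually consume this listing: pull the vulnerabilities for an ecosystem and check a lock file's pinned versions against each advisory's vulnerable range. The following is an added example, not GitHub's code and not from any project listed above. The query shape follows GitHub's public GraphQL schema for the securityVulnerabilities connection but is not sent anywhere; the script runs offline against a constructed response. The GHSA ids and summaries in that response are taken from the listing above, while the version ranges, patched versions and the pin set are placeholders chosen to exercise the range parser, not the real affected ranges of those advisories.

```python
"""Match pinned pip packages against advisory data in the shape GitHub's
GraphQL API returns. Added example; not GitHub's code and not from any
project in the listing. Runs offline: RESPONSE is a constructed stand-in
for an API reply and its version ranges are placeholders, not the real
affected ranges of the advisories named in it.
"""
import json
import re
from typing import Dict, List, Tuple

# Query shape follows GitHub's public GraphQL schema. This script never sends
# it; a real client would POST it to https://api.github.com/graphql with a
# token and follow pageInfo.endCursor until hasNextPage is false.
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $after: String) {
  securityVulnerabilities(ecosystem: $ecosystem, severities: [MODERATE],
                          first: 100, after: $after) {
    pageInfo { hasNextPage endCursor }
    nodes {
      advisory { ghsaId summary severity publishedAt }
      package { name ecosystem }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}
"""

# Constructed response. GHSA ids and summaries come from the listing; the
# ranges and patched versions are placeholders, not real advisory data.
RESPONSE = json.loads("""{"data": {"securityVulnerabilities": {
  "pageInfo": {"hasNextPage": false, "endCursor": null},
  "nodes": [
    {"advisory": {"ghsaId": "GHSA-27jp-wm6q-gp25",
       "summary": "sqlparse: formatting list of tuples leads to denial of service",
       "severity": "MODERATE", "publishedAt": "2026-02-13T00:00:00Z"},
     "package": {"name": "sqlparse", "ecosystem": "PIP"},
     "vulnerableVersionRange": "< 0.9.9",
     "firstPatchedVersion": {"identifier": "0.9.9"}},
    {"advisory": {"ghsaId": "GHSA-m7j5-r2p5-c39r",
       "summary": "picklescan vulnerable to arbitrary file create using logging.FileHandler",
       "severity": "MODERATE", "publishedAt": "2026-02-02T00:00:00Z"},
     "package": {"name": "picklescan", "ecosystem": "PIP"},
     "vulnerableVersionRange": ">= 0.0.1, < 0.9.9",
     "firstPatchedVersion": {"identifier": "0.9.9"}}
  ]}}}""")

# Constructed pin set, as a requirements lock file would give it (placeholders).
PINNED: Dict[str, str] = {"sqlparse": "0.5.3", "picklescan": "0.9.9", "requests": "2.32.3"}

_CLAUSE = re.compile(r"^(>=|<=|>|<|=)\s*([0-9][0-9A-Za-z.\-]*)$")
_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}


def canonical(name: str) -> str:
    """PEP 503 normalisation so 'Apache_Airflow' and 'apache-airflow' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric comparison key: '1.4.0' and '1.4' both give (1, 4).
    Pre-release suffixes ('1.0rc1') are dropped, so this is a triage aid;
    use packaging.version for exact PEP 440 ordering."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:   # trailing zeros carry no information
        parts.pop()
    return tuple(parts)


def is_affected(version: str, vulnerable_range: str) -> bool:
    """True when `version` satisfies every comparator of a GitHub-style range
    such as '>= 2.0, < 2.5.1'. An unrecognised clause raises instead of being
    skipped, so a parser gap cannot silently hide a match."""
    v = version_key(version)
    for clause in vulnerable_range.split(","):
        m = _CLAUSE.match(clause.strip())
        if m is None:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, version_key(bound)):
            return False
    return True


def find_affected(response: dict, pinned: Dict[str, str]) -> List[dict]:
    """Cross the API nodes with the pin set; one finding per affected pin."""
    pins = {canonical(k): v for k, v in pinned.items()}
    findings = []
    for node in response["data"]["securityVulnerabilities"]["nodes"]:
        name = canonical(node["package"]["name"])
        if name in pins and is_affected(pins[name], node["vulnerableVersionRange"]):
            patched = node.get("firstPatchedVersion") or {}
            findings.append({"package": name, "pinned": pins[name],
                             "ghsa": node["advisory"]["ghsaId"],
                             "severity": node["advisory"]["severity"],
                             "fixed_in": patched.get("identifier"),
                             "summary": node["advisory"]["summary"]})
    return findings


if __name__ == "__main__":
    for f in find_affected(RESPONSE, PINNED):
        print(f"{f['severity']:9} {f['ghsa']}  {f['package']}=={f['pinned']}  "
              f"fixed in {f['fixed_in']}: {f['summary']}")
```

With the placeholder data only sqlparse is reported: its pin sits below the range's upper bound, picklescan's pin equals the first patched version and so falls outside the strict `<` bound, and requests has no node at all. Two caveats matter before using this on a real lock file: the numeric key ignores pre-release ordering, so swap in packaging.version for anything that ships release candidates, and an advisory can carry several nodes for one package (one per affected branch), which the loop already handles since each node is checked independently.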