Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

4,502 advisories

Loading
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers High
CVE-2026-32634 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` Critical
CVE-2026-32633 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements High
CVE-2026-32611 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft High
CVE-2026-32610 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft High
CVE-2026-33010 was published for mcp-memory-service (pip) Mar 7, 2026
yotampe-pluto Credited to yotampe-pluto
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk Moderate
CVE-2026-33230 was published for nltk (pip) Mar 18, 2026
JustHTML has a Sanitizer Bypass (in Markdown) Moderate
GHSA-3rcm-vjrc-p45j was published for justhtml (pip) Mar 18, 2026
kejcao Credited to kejcao
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
restriction Credited to restriction
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS Moderate
GHSA-rf74-v2fm-23pw was published for nltk (pip) Mar 18, 2026
ZeroXJacks Credited to ZeroXJacks
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT High
CVE-2026-33155 was published for deepdiff (pip) Mar 18, 2026
am-periphery Credited to am-periphery
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver High
CVE-2026-33154 was published for dynaconf (pip) Mar 18, 2026
redyank Credited to redyank
Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py Critical
CVE-2026-33057 was published for mesop (pip) Mar 18, 2026
liyander Credited to liyander
Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion Critical
CVE-2026-33054 was published for mesop (pip) Mar 18, 2026
liyander Credited to liyander
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution Moderate
CVE-2026-33140 was published for pyspector (pip) Mar 18, 2026
satoridev01 Credited to satoridev01
PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution High
CVE-2026-33139 was published for pyspector (pip) Mar 18, 2026
Shinigami81 Credited to Shinigami81
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization High
CVE-2026-30911 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications High
CVE-2026-28779 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
pypdf has inefficient decoding of array-based streams Moderate
CVE-2026-33123 was published for pypdf (pip) Mar 18, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
Frigte has broken access control viewer user can delete admin and other users account High
CVE-2026-33125 was published for frigate (pip) Mar 18, 2026
czerlun Credited to czerlun
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
bwoodsend Credited to bwoodsend
UltraJSON has a Memory Leak parsing large integers allows DoS High
CVE-2026-32874 was published for ujson (pip) Mar 18, 2026
Skevros Credited to Skevros and bwoodsend bwoodsend bwoodsend
Langflow is Missing Ownership Verification in API Key Deletion (IDOR) High
CVE-2026-33053 was published for langflow (pip) Mar 18, 2026
FaizanKolega Credited to FaizanKolega, kolega-ai-dev, andifilhohub, and erichare kolega-ai-dev kolega-ai-dev
andifilhohub andifilhohub erichare erichare
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database