GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,008 advisories

BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context Moderate
CVE-2026-40610 was published for bentoml (pip) May 7, 2026
Credited to larlarua
docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler Moderate
CVE-2026-44520 was published for docling-graph (pip) May 7, 2026
Credited to ayoub-ibm and dolfim-ibm
Weblate vulnerable to XSS via crafted Markdown Moderate
CVE-2026-44264 was published for weblate (pip) May 7, 2026
Credited to nijel
Weblate Vulnerable to Private Translation Enumeration via Screenshot API Moderate
CVE-2026-44263 was published for weblate (pip) May 7, 2026
Credited to luay89 and nijel
Playwright Capture permits access to local files and internal network resources during page capture Moderate
CVE-2026-44439 was published for PlaywrightCapture (pip) May 6, 2026
Credited to Rafiot and jeroengui
pyquorum: Timing side‑channel in mul_mod Moderate
CVE-2026-44368 was published for pyquorum (pip) May 6, 2026
misp-modules has unsafe remote resource fetching in expansion Moderate
CVE-2026-44363 was published for misp-modules (pip) May 6, 2026
Credited to DavidCruciani
Credited to Yunzez
Granian vulnerable to DoS via WSGI response header panic Moderate
CVE-2026-42545 was published for granian (pip) May 6, 2026
Credited to Z-Bra0
wger: trainer_login open redirect - ?next= parameter not validated against host Moderate
GHSA-vqv8-j3mj-wjxj was published for wger (pip) May 6, 2026
Credited to whatisproblem
Credited to kuranikaran
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI Moderate
CVE-2026-44226 was published for pyload-ng (pip) May 6, 2026
vLLM Vulnerable to Remote DoS via Special-Token Placeholders Moderate
CVE-2026-44222 was published for vllm (pip) May 5, 2026
Credited to wumingzhilian
ciguard: SCA HTTP client reads response body without size cap Moderate
CVE-2026-44219 was published for ciguard (pip) May 5, 2026
PyLoad Vulnerable to Path Traversal via Package Folder Name Moderate
CVE-2026-42314 was published for pyload-ng (pip) May 5, 2026
Credited to l3tchupkt
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection Moderate
CVE-2026-42303 was published for ethyca-fides (pip) May 5, 2026
Credited to RobertKeyser and daveqnet
Credited to bx33661
requests-hardened is Vulnerable to Server-Side Request Forgery Moderate
CVE-2026-42175 was published for requests-hardened (pip) May 5, 2026
Credited to hits313
PPTAgent: Arbitrary File Write via `save_generated_slides` Moderate
CVE-2026-42080 was published for pptagent (pip) May 5, 2026
Credited to Koukyosyumei
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image Moderate
CVE-2026-42078 was published for pptagent (pip) May 5, 2026
Credited to Koukyosyumei
JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352) Moderate
CVE-2026-40864 was published for jupyterhub (pip) May 5, 2026
Credited to romain-deperne
Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart Moderate
CVE-2026-40934 was published for jupyter-server (pip) May 5, 2026
Credited to emin63 and Yann-P
Jupyter Server has an open redirection vulnerability in `next` query parameter Moderate
CVE-2025-61669 was published for jupyter-server (pip) May 5, 2026
Credited to dlqqq, niwasak1, Yann-P, and Carreau
ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key Moderate
GHSA-8pqq-224h-x875 was published for ogham-mcp (pip) May 5, 2026