GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations Moderate
CVE-2026-27457 was published for weblate (pip) Feb 26, 2026
Credited to nijel
Weblate has an argument injection in management console Moderate
CVE-2026-24126 was published for Weblate (pip) Feb 17, 2026
Credited to alexb616 and nijel
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command High
CVE-2026-23535 was published for wlc (pip) Jan 16, 2026
Credited to Zee99y and nijel
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
Credited to nijel and amCap1712
Weblate wlc has insecure API key configuration Moderate
CVE-2026-22251 was published for wlc (pip) Jan 12, 2026
Credited to nijel and Zee99y
Weblate command-line client susceptible to SSL verification skip Low
CVE-2026-22250 was published for wlc (pip) Jan 12, 2026
Credited to nijel and Zee99y
Weblate is vulnerable to RCE through Git config file overwrite Critical
CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025
Credited to secjson and nijel
Weblate has an arbitrary file read via symbolic links High
CVE-2025-68279 was published for Weblate (pip) Dec 18, 2025
Credited to secjson and nijel
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) Moderate
CVE-2025-67715 was published for Weblate (pip) Dec 15, 2025
Credited to naxus-audit and nijel
Credited to naxus-audit and nijel
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
Credited to jermanuts and nijel
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
Credited to nijel and mbiesiad
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
Credited to mel-mason, vanya909, and nijel
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
Credited to nijel
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
Credited to amCap1712 and nijel
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
Credited to nijel, obscuredeer, and amCap1712
Credited to joonashak, nijel, and gersona
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
Credited to bradenmacdonald and nijel