GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,380 advisories
Copyparty vulnerable to reflected XSS via setck parameter
Moderate | CVE-2026-27948 was published for copyparty (pip) | Feb 26, 2026
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
Moderate | CVE-2026-27839 was published for wger (pip) | Feb 26, 2026
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Low | CVE-2026-27838 was published for wger (pip) | Feb 26, 2026
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
Moderate | CVE-2026-27835 was published for wger (pip) | Feb 26, 2026
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
Moderate | CVE-2026-27888 was published for pypdf (pip) | Feb 26, 2026
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate | CVE-2026-27457 was published for weblate (pip) | Feb 26, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate | CVE-2026-27809 was published for psd-tools (pip) | Feb 26, 2026
mcp-server-git: Path traversal in git_add allows staging files outside repository boundaries
Moderate | CVE-2026-27735 was published for mcp-server-git (pip) | Feb 26, 2026
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Moderate | CVE-2026-27794 was published for langgraph-checkpoint (pip) | Feb 25, 2026
zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Moderate | CVE-2026-27695 was published for zae-limiter (pip) | Feb 25, 2026
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Moderate | CVE-2026-25736 was published for rucio-webui (pip) | Feb 25, 2026
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name
Moderate | CVE-2026-25735 was published for rucio-webui (pip) | Feb 25, 2026
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
Moderate | CVE-2026-25734 was published for rucio-webui (pip) | Feb 25, 2026
changedetection.io is Vulnerable to SSRF via Watch URLs
High | CVE-2026-27696 was published for changedetection.io (pip) | Feb 25, 2026
changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
Moderate | CVE-2026-27645 was published for changedetection.io (pip) | Feb 25, 2026
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Critical | CVE-2026-27641 was published for flask-reuploaded (pip) | Feb 25, 2026
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
High | CVE-2026-25733 was published for rucio-webui (pip) | Feb 25, 2026
Rucio WebUI has Username Enumeration via Login Error Message
Moderate | CVE-2026-25138 was published for rucio-webui (pip) | Feb 25, 2026
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
High | CVE-2026-25136 was published for rucio-webui (pip) | Feb 25, 2026
OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function
Moderate | CVE-2026-26717 was published for richie (pip) | Feb 25, 2026
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Low | CVE-2026-27628 was published for pypdf (pip) | Feb 25, 2026
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Critical | CVE-2026-27614 was published for bugsink (pip) | Feb 25, 2026
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Moderate | GHSA-mhc9-48gj-9gp3 was published for fickling (pip) | Feb 25, 2026
Fickling: OBJ opcode call invisibility bypasses all safety checks
High | GHSA-mxhj-88fx-4pcv was published for fickling (pip) | Feb 24, 2026
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution
High | CVE-2026-27483 was published for mindsdb (pip) | Feb 24, 2026
ProTip! Advisories are also available from the GraphQL API.