GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

371 advisories

dbt-common's commonprefix() doesn't protect against path traversal Low
CVE-2026-29790 was published for dbt-common (pip) Mar 5, 2026
Credited to sethmlarson and emmyoop
Django has a Race Condition vulnerability Low
CVE-2026-25674 was published for Django (pip) Mar 3, 2026
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Low
CVE-2026-27167 was published for gradio (pip) Mar 1, 2026
Credited to tenbbughunters
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data Low
CVE-2026-27838 was published for wger (pip) Feb 26, 2026
Credited to ByamB4
dbt-core's secret env vars written to package-lock.json in plaintext Low
GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip) Dec 8, 2023
Credited to jtcohen6, MichelleArk, and martynydbt
Apache Superset allows authenticated users to view sensitive data without explicit permissions Low
CVE-2026-23983 was published for apache-superset (pip) Feb 24, 2026
datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache Low
CVE-2026-2970 was published for datapizza-ai-core (pip) Feb 23, 2026
datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler Low
CVE-2026-2969 was published for datapizza-ai-core (pip) Feb 23, 2026
Credited to rampageservices
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
Flask session does not add `Vary: Cookie` header when accessed in some ways Low
CVE-2026-27205 was published for flask (pip) Feb 19, 2026
Credited to shouryaj98
Fickling has a detection bypass via stdlib network-protocol constructors Low
GHSA-83pf-v6qq-pwmr was published for fickling (pip) Feb 20, 2026
Credited to NucleiAv
MindsDB affected by a SSRF vulnerability Low
CVE-2026-2531 was published for MindsDB (pip) Feb 16, 2026
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages Low
CVE-2026-26013 was published for langchain-core (pip) Feb 11, 2026
Credited to Finder16
Django has Inefficient Algorithmic Complexity Low
CVE-2026-1285 was published for Django (pip) Feb 3, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2025-14550 was published for Django (pip) Feb 3, 2026
Django has Observable Timing Discrepancy Low
CVE-2025-13473 was published for Django (pip) Feb 3, 2026
pip Path Traversal vulnerability Low
CVE-2026-1703 was published for pip (pip) Feb 2, 2026
Llama Stack exposes secret in initialization log Low
CVE-2026-25211 was published for llama-stack (pip) Jan 30, 2026
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
Credited to jku
Moonraker affected by LDAP search filter injection Low
CVE-2026-24130 was published for moonraker (pip) Jan 22, 2026
Credited to solovvway
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection Low
CVE-2026-23996 was published for fastapi-api-key (pip) Jan 21, 2026
Chainlit contains an authorization bypass vulnerability Low
CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
Credited to nijel and amCap1712
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability Low
CVE-2025-15506 was published for opencolorio (pip) Jan 11, 2026