GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories

| Ecosystem | Reviewed advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 5,000+ |
| Erlang | 42 |
| GitHub Actions | 43 |
| Go | 3,143 |
| Maven | 5,000+ |
| npm | 5,000+ |
| NuGet | 840 |
| pip | 4,439 |
| Pub | 12 |
| RubyGems | 990 |
| Rust | 1,174 |
| Swift | 50 |

Unreviewed advisories

| Ecosystem | Unreviewed advisories |
|---|---|
| All unreviewed | 5,000+ |
1,695 advisories
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers | High | CVE-2026-27826 | mcp-atlassian (pip) | Mar 10, 2026 |
| Glances has SQL Injection via Process Names in TimescaleDB Export | High | CVE-2026-30930 | Glances (pip) | Mar 9, 2026 |
| Glances Exposes Unauthenticated Configuration Secrets | High | CVE-2026-30928 | glances (pip) | Mar 9, 2026 |
| Apache Airflow Providers Http has Unsafe Pickle Deserialization leading to RCE via HttpOperator | High | CVE-2025-69219 | apache-airflow-providers-http (pip) | Mar 9, 2026 |
| mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft | High | GHSA-g9rg-8vq5-mpwm | mcp-memory-service (pip) | Mar 7, 2026 |
| SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality | High | GHSA-5r2p-pjr8-7fh7 | sagemaker (pip) | Mar 5, 2026 |
| Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure | High | CVE-2026-30244 | plane (pip) | Mar 5, 2026 |
| Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer | High | CVE-2026-30242 | plane (pip) | Mar 5, 2026 |
| RAGAS has an Arbitrary File Read vulnerability | High | CVE-2025-45691 | ragas (pip) | Mar 5, 2026 |
| xgrammar vulnerable to DoS via multi-layer nesting | High | CVE-2026-25048 | xgrammar (pip) | Mar 5, 2026 |
| pyLoad has an Arbitrary File Write via Path Traversal in edit_package() | High | CVE-2026-29778 | pyload-ng (pip) | Mar 5, 2026 |
| Fickling missing RCE-capable modules in UNSAFE_IMPORTS | High | GHSA-5hwf-rc88-82xm | fickling (pip) | Mar 4, 2026 |
| Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked | High | GHSA-wccx-j62j-r448 | fickling (pip) | Mar 4, 2026 |
| changedetection.io has Zip Slip vulnerability in the backup restore functionality | High | CVE-2026-29065 | changedetection.io (pip) | Mar 4, 2026 |
| changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text() | High | CVE-2026-29039 | changedetection.io (pip) | Mar 4, 2026 |
| Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification | High | CVE-2026-28802 | authlib (pip) | Mar 4, 2026 |
| IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links | High | CVE-2026-28681 | irrd (pip) | Mar 4, 2026 |
| BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction | High | CVE-2026-27905 | bentoml (pip) | Mar 3, 2026 |
| OpenViking contains a Path Traversal vulnerability | High | CVE-2026-28518 | openviking (pip) | Mar 3, 2026 |
| Django vulnerable to Uncontrolled Resource Consumption | High | CVE-2026-25673 | Django (pip) | Mar 3, 2026 |
| OpenChatBI has a Path Traversal Vulnerability in save_report Tool | High | CVE-2026-28795 | openchatbi (pip) | Mar 2, 2026 |
| CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements | High | CVE-2026-28438 | cocoindex (pip) | Mar 2, 2026 |
| joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS) | High | CVE-2026-27932 | joserfc (pip) | Mar 2, 2026 |
| OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write | High | CVE-2026-27622 | OpenEXR (pip) | Mar 2, 2026 |
Advisories are also available from the GraphQL API.