GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,895 advisories
rfc3161-client Has Improper Certificate Validation
Moderate
CVE-2026-33753
was published
for
rfc3161-client
(pip)
Apr 8, 2026
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
Moderate
CVE-2026-39844
was published
for
nicegui
(pip)
Apr 8, 2026
pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
Moderate
GHSA-rfgh-63mg-8pwm
was published
for
pyload-ng
(pip)
Apr 8, 2026
JWCrypto: JWE ZIP decompression bomb
Moderate
CVE-2026-39373
was published
for
jwcrypto
(pip)
Apr 8, 2026
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass
Moderate
CVE-2026-35592
was published
for
pyload-ng
(pip)
Apr 8, 2026
pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng
Moderate
CVE-2026-35586
was published
for
pyload-ng
(pip)
Apr 8, 2026
kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write
Moderate
CVE-2026-35492
was published
for
kedro-datasets
(pip)
Apr 6, 2026
D-Tale: Remote Code Execution through redis/shelf storage
Moderate
CVE-2026-35052
was published
for
dtale
(pip)
Apr 3, 2026
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Moderate
CVE-2026-34756
was published
for
vllm
(pip)
Apr 3, 2026
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Moderate
CVE-2026-34755
was published
for
vllm
(pip)
Apr 3, 2026
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
Moderate
CVE-2026-34753
was published
for
vllm
(pip)
Apr 3, 2026
AIOHTTP has a Multipart Header Size Bypass
Moderate
CVE-2026-34516
was published
for
aiohttp
(pip)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API