GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,838 advisories
OpenCC has an Out-of-bounds read when processing truncated UTF-8 input
Moderate | GHSA-7fqq-q52p-2jjg was published for OpenCC (npm) | Mar 29, 2026
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Moderate | CVE-2026-25645 was published for requests (pip) | Mar 25, 2026
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Moderate | CVE-2026-33332 was published for nicegui (pip) | Mar 19, 2026
Improper Authentication and Origin Validation Error in pyload-ng
Moderate | CVE-2026-33314 was published for pyload-ng (pip) | Mar 19, 2026
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Moderate | CVE-2026-33699 was published for pypdf (pip) | Mar 25, 2026
Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Moderate | CVE-2026-33682 was published for Streamlit (pip) | Mar 25, 2026
MobSF has SQL Injection in its SQLite Database Viewer Utils
Moderate | CVE-2026-33545 was published for mobsf (pip) | Mar 24, 2026
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Moderate | CVE-2026-33936 was published for ecdsa (pip) | Mar 27, 2026
Open WebUI has unauthorized deletion of knowledge files
Moderate | CVE-2026-29070 was published for open-webui (pip) | Mar 27, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Moderate | CVE-2026-28786 was published for open-webui (pip) | Mar 27, 2026
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate | CVE-2024-26280 was published for apache-airflow (pip) | Mar 1, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate | CVE-2024-24772 was published for apache-superset (pip) | Feb 28, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk
Moderate | CVE-2026-33230 was published for nltk (pip) | Mar 18, 2026
hnswlib Double Free vulnerability
Moderate | CVE-2023-37365 was published for hnswlib (pip) | Jun 30, 2023
litellm vulnerable to improper access control in team management
Moderate | CVE-2024-5710 was published for litellm (pip) | Jun 27, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Moderate | CVE-2024-26152 was published for label-studio (pip) | Feb 22, 2024
Docassemble HTML and javascript injection
Moderate | CVE-2024-27290 was published for docassemble.webapp (pip) | Feb 29, 2024
Docassemble open redirect
Moderate | CVE-2024-27291 was published for docassemble.webapp (pip) | Feb 29, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate | CVE-2024-27906 was published for apache-airflow (pip) | Feb 29, 2024
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Moderate | CVE-2026-33140 was published for pyspector (pip) | Mar 18, 2026
pypdf has inefficient decoding of array-based streams
Moderate | CVE-2026-33123 was published for pypdf (pip) | Mar 18, 2026
Denial of service via non-terminating SYLT frame parsing loop in tinytag
Moderate | CVE-2026-32889 was published for tinytag (pip) | Mar 19, 2026
Ansible-core information disclosure flaw
Moderate | CVE-2024-0690 was published for ansible-core (pip) | Feb 6, 2024
Openstack Octavia Access Control Vulnerability
Moderate | CVE-2019-3895 was published for octavia (pip) | May 24, 2022
PyMuPDF has a path traversal in _main_.py
Moderate | CVE-2026-3029 was published for PyMuPDF (pip) | Mar 19, 2026
ProTip! Advisories are also available from the GraphQL API.