Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,232
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,505
Pub
12
RubyGems
996
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,735 advisories

Loading
ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor High
CVE-2026-27953 was published for ormar (pip) Mar 19, 2026
Mistz1 Credited to Mistz1
NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite High
CVE-2026-33236 was published for nltk (pip) Mar 19, 2026
Unauthenticated remote shutdown in nltk.app.wordnet_app High
CVE-2026-33231 was published for nltk (pip) Mar 19, 2026
leduckhuong Credited to leduckhuong
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT High
CVE-2026-33155 was published for deepdiff (pip) Mar 18, 2026
am-periphery Credited to am-periphery
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver High
CVE-2026-33154 was published for dynaconf (pip) Mar 18, 2026
redyank Credited to redyank
PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution High
CVE-2026-33139 was published for pyspector (pip) Mar 18, 2026
Shinigami81 Credited to Shinigami81
Frigte has broken access control viewer user can delete admin and other users account High
CVE-2026-33125 was published for frigate (pip) Mar 18, 2026
czerlun Credited to czerlun
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
UltraJSON has a Memory Leak parsing large integers allows DoS High
CVE-2026-32874 was published for ujson (pip) Mar 18, 2026
Skevros Credited to Skevros and bwoodsend bwoodsend bwoodsend
Langflow is Missing Ownership Verification in API Key Deletion (IDOR) High
CVE-2026-33053 was published for langflow (pip) Mar 18, 2026
FaizanKolega Credited to FaizanKolega, kolega-ai-dev, andifilhohub, and erichare kolega-ai-dev kolega-ai-dev
andifilhohub andifilhohub erichare erichare
Denial of Service in pyasn1 via Unbounded Recursion High
CVE-2026-30922 was published for pyasn1 (pip) Mar 17, 2026
romanticpragmatism Credited to romanticpragmatism
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML High
GHSA-v7cf-c9rm-wm3j was published for justhtml (pip) Mar 17, 2026
kq5y Credited to kq5y
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization High
CVE-2026-30911 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications High
CVE-2026-28779 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers High
CVE-2026-32634 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements High
CVE-2026-32611 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft High
CVE-2026-32610 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials High
CVE-2026-32609 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances has a Command Injection via Process Names in Action Command Templates High
CVE-2026-32608 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances exposes the REST API without authentication High
CVE-2026-32596 was published for Glances (pip) Mar 16, 2026
DhiyaneshGeek Credited to DhiyaneshGeek
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack High
CVE-2026-28500 was published for onnx (pip) Mar 16, 2026
ZeroXJacks Credited to ZeroXJacks
pyOpenSSL DTLS cookie callback buffer overflow High
CVE-2026-27459 was published for pyopenssl (pip) Mar 16, 2026
justlife4x4 Credited to justlife4x4
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding High
CVE-2026-28498 was published for authlib (pip) Mar 16, 2026
Pr00fOf3xpl0it Credited to Pr00fOf3xpl0it and Jaynornj Jaynornj Jaynornj
MLflow has a command injection in mlflow/sagemaker/__init__.py High
CVE-2025-14287 was published for mlflow (pip) Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database