GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,815 advisories
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Moderate. GHSA-5cxw-w2xg-2m8h was published for fickling (pip) on Mar 13, 2026.

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist
Moderate. GHSA-r48f-3986-4f9c was published for fickling (pip) on Mar 13, 2026.

ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Moderate. CVE-2026-32112 was published for ha-mcp (pip) on Mar 12, 2026.

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle
Moderate. CVE-2026-32111 was published for ha-mcp (pip) on Mar 12, 2026.

Tornado has incomplete validation of cookie attributes
Moderate. GHSA-78cv-mqj4-43f7 was published for tornado (pip) on Mar 11, 2026.

pypdf: manipulated stream length values can exhaust RAM
Moderate. CVE-2026-31826 was published for pypdf (pip) on Mar 11, 2026.

django-unicorn affected by component state manipulation via unvalidated attribute access
Moderate. CVE-2026-31815 was published for django-unicorn (pip) on Mar 11, 2026.

copyparty: volflag `nohtml` did not block javascript in svg files
Moderate. CVE-2026-30974 was published for copyparty (pip) on Mar 10, 2026.

Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass
Moderate. CVE-2026-25604 was published for apache-airflow-providers-amazon (pip) on Mar 9, 2026.

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
Moderate. CVE-2026-29787 was published for mcp-memory-service (pip) on Mar 5, 2026.

LangGraph checkpoint loading has unsafe msgpack deserialization
Moderate. CVE-2026-28277 was published for langgraph (pip) on Mar 5, 2026.

Python-Markdown has an Uncaught Exception
Moderate. CVE-2025-69534 was published for Markdown (pip) on Mar 5, 2026.

django-allauth has an open redirect vulnerability
Moderate. CVE-2026-27982 was published for django-allauth (pip) on Mar 5, 2026.

eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Moderate. CVE-2026-29780 was published for eml-parser (pip) on Mar 5, 2026.

changedetection.io has Reflected XSS in its RSS Tag Error Response
Moderate. CVE-2026-29038 was published for changedetection.io (pip) on Mar 4, 2026.

Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
Moderate. CVE-2026-28223 was published for wagtail (pip) on Mar 3, 2026.

Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Moderate. CVE-2026-28222 was published for wagtail (pip) on Mar 3, 2026.

pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams
Moderate. CVE-2026-28804 was published for pypdf (pip) on Mar 2, 2026.

MS-Agent vulnerable to Command Injection
Moderate. CVE-2026-2256 was published for ms-agent (pip) on Mar 2, 2026.

Products.isurlinportal has possible open redirect when using more than 2 forward slashes
Moderate. CVE-2026-28413 was published for Products.isurlinportal (pip) on Mar 2, 2026.

lxml-html-clean has <base> tag injection through default Cleaner configuration
Moderate. CVE-2026-28350 was published for lxml-html-clean (pip) on Mar 2, 2026.

lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes
Moderate. CVE-2026-28348 was published for lxml-html-clean (pip) on Mar 2, 2026.

Gradio has an Open Redirect in its OAuth Flow
Moderate. CVE-2026-28415 was published for gradio (pip) on Mar 1, 2026.

Indico has a missing access check in the event series management API
Moderate. CVE-2026-28352 was published for indico (pip) on Mar 1, 2026.