GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
567 advisories
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Critical
CVE-2026-33017
was published
for
langflow
(pip)
Mar 17, 2026
Authlib JWS JWK Header Injection: Signature Verification Bypass
Critical
CVE-2026-27962
was published
for
authlib
(pip)
Mar 16, 2026
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical
CVE-2026-32633
was published
for
Glances
(pip)
Mar 16, 2026
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Critical
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
Critical
CVE-2026-27825
was published
for
mcp-atlassian
(pip)
Mar 10, 2026
asyncmy is vulnerable to SQL injection via crafted dict keys
Critical
CVE-2025-65896
was published
for
asyncmy
(pip)
Dec 2, 2025
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Critical
GHSA-g38g-8gr9-h9xp
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Critical
GHSA-vvpj-8cmc-gx39
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's profile.run blocklist mismatch allows exec() bypass
Critical
GHSA-7wx9-6375-f5wh
was published
for
picklescan
(pip)
Mar 3, 2026
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Critical
CVE-2026-27641
was published
for
flask-reuploaded
(pip)
Feb 25, 2026
Langflow has Remote Code Execution in CSV Agent
Critical
CVE-2026-27966
was published
for
langflow
(pip)
Feb 27, 2026
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Critical
CVE-2026-27614
was published
for
bugsink
(pip)
Feb 25, 2026
ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Critical
CVE-2026-26198
was published
for
ormar
(pip)
Feb 23, 2026
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK
Critical
CVE-2026-25592
was published
for
Microsoft.SemanticKernel.Core
(NuGet)
Feb 6, 2026
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Critical
CVE-2026-26030
was published
for
semantic-kernel
(pip)
Feb 19, 2026
Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Critical
CVE-2026-21531
was published
for
azure-ai-language-conversations-authoring
(pip)
Feb 10, 2026
Keylime Missing Authentication for Critical Function and Improper Authentication
Critical
CVE-2026-1709
was published
for
keylime
(pip)
Feb 6, 2026
ProTip!
Advisories are also available from the
GraphQL API