GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,986 advisories
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Moderate
CVE-2026-44222
was published
for
vllm
(pip)
May 5, 2026
PyLoad Vulnerable to Path Traversal via Package Folder Name
Moderate
CVE-2026-42314
was published
for
pyload-ng
(pip)
May 5, 2026
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Moderate
CVE-2026-42303
was published
for
ethyca-fides
(pip)
May 5, 2026
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Moderate
CVE-2026-43901
was published
for
wireshark-mcp
(pip)
May 5, 2026
requests-hardened is Vulnerable to Server-Side Request Forgery
Moderate
CVE-2026-42175
was published
for
requests-hardened
(pip)
May 5, 2026
PPTAgent: Arbitrary File Write via `save_generated_slides`
Moderate
CVE-2026-42080
was published
for
pptagent
(pip)
May 5, 2026
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
Moderate
CVE-2026-42078
was published
for
pptagent
(pip)
May 5, 2026
JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
Moderate
CVE-2026-40864
was published
for
jupyterhub
(pip)
May 5, 2026
Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
Moderate
CVE-2026-40934
was published
for
jupyter-server
(pip)
May 5, 2026
Jupyter Server has an open redirection vulnerability in `next` query parameter
Moderate
CVE-2025-61669
was published
for
jupyter-server
(pip)
May 5, 2026
pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Moderate
CVE-2026-42312
was published
for
pyload-ng
(pip)
May 4, 2026
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Moderate
CVE-2026-42310
was published
for
pillow
(pip)
May 4, 2026
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
Moderate
CVE-2026-42032
was published
for
ckan
(pip)
Apr 30, 2026
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Moderate
CVE-2026-41654
was published
for
weblate
(pip)
Apr 30, 2026
Weblate Doesn't Invalidate API Token on Password Change
Moderate
CVE-2026-41519
was published
for
weblate
(pip)
Apr 30, 2026
CKAN has CSRF exemption primed by anonymous requests
Moderate
CVE-2026-41255
was published
for
ckan
(pip)
Apr 29, 2026
CKAN has no certificate validation on STMP connection
Moderate
CVE-2026-41132
was published
for
ckan
(pip)
Apr 29, 2026
beets has a Cross-site Scripting vulnerability
Moderate
CVE-2026-42052
was published
for
beets
(pip)
Apr 29, 2026
wlc: print_html outputs API data without HTML escaping
Moderate
CVE-2026-42150
was published
for
wlc
(pip)
Apr 24, 2026
ProTip!
Advisories are also available from the
GraphQL API