GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 50
GitHub Actions: 50
Go: 3,690
Maven: 5,000+
npm: 5,000+
NuGet: 933
pip: 4,928
Pub: 13
RubyGems: 1,053
Rust: 1,322
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
2,000 advisories
pyquorum: Timing side‑channel in mul_mod
Severity: Moderate. CVE-2026-44368 was published for pyquorum (pip) on May 6, 2026
misp-modules has unsafe remote resource fetching in expansion
Severity: Moderate. CVE-2026-44363 was published for misp-modules (pip) on May 6, 2026
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
Severity: Moderate. CVE-2026-44223 was published for vllm (pip) on May 6, 2026
Granian vulnerable to DoS via WSGI response header panic
Severity: Moderate. CVE-2026-42545 was published for granian (pip) on May 6, 2026
wger: trainer_login open redirect - ?next= parameter not validated against host
Severity: Moderate. GHSA-vqv8-j3mj-wjxj was published for wger (pip) on May 6, 2026
Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled
Severity: Moderate. CVE-2026-44305 was published for lemur (pip) on May 6, 2026
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
Severity: Moderate. CVE-2026-44226 was published for pyload-ng (pip) on May 6, 2026
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Severity: Moderate. CVE-2026-44222 was published for vllm (pip) on May 5, 2026
ciguard: SCA HTTP client reads response body without size cap
Severity: Moderate. CVE-2026-44219 was published for ciguard (pip) on May 5, 2026
PyLoad Vulnerable to Path Traversal via Package Folder Name
Severity: Moderate. CVE-2026-42314 was published for pyload-ng (pip) on May 5, 2026
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Severity: Moderate. CVE-2026-42303 was published for ethyca-fides (pip) on May 5, 2026
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Severity: Moderate. CVE-2026-43901 was published for wireshark-mcp (pip) on May 5, 2026
requests-hardened is Vulnerable to Server-Side Request Forgery
Severity: Moderate. CVE-2026-42175 was published for requests-hardened (pip) on May 5, 2026
PPTAgent: Arbitrary File Write via `save_generated_slides`
Severity: Moderate. CVE-2026-42080 was published for pptagent (pip) on May 5, 2026
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
Severity: Moderate. CVE-2026-42078 was published for pptagent (pip) on May 5, 2026
JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
Severity: Moderate. CVE-2026-40864 was published for jupyterhub (pip) on May 5, 2026
Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
Severity: Moderate. CVE-2026-40934 was published for jupyter-server (pip) on May 5, 2026
Jupyter Server has an open redirection vulnerability in `next` query parameter
Severity: Moderate. CVE-2025-61669 was published for jupyter-server (pip) on May 5, 2026
ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key
Severity: Moderate. GHSA-8pqq-224h-x875 was published for ogham-mcp (pip) on May 5, 2026
pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Severity: Moderate. CVE-2026-42312 was published for pyload-ng (pip) on May 4, 2026
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Severity: Moderate. CVE-2026-42310 was published for pillow (pip) on May 4, 2026
Pillow has an integer overflow when processing fonts
Severity: Moderate. CVE-2026-42308 was published for pillow (pip) on May 4, 2026
Pillow has a heap buffer overflow with nested list coordinates
Severity: Moderate. CVE-2026-42309 was published for pillow (pip) on May 4, 2026
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
Severity: Moderate. CVE-2026-42032 was published for ckan (pip) on Apr 30, 2026
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Severity: Moderate. CVE-2026-41654 was published for weblate (pip) on Apr 30, 2026
ProTip! Advisories are also available from the GraphQL API