GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
628 advisories
misp-modules website - Missing CSRF protection in the website home blueprint
Critical
CVE-2026-44364
was published
for
misp-modules
(pip)
May 6, 2026
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Critical
CVE-2026-43948
was published
for
wger
(pip)
May 6, 2026
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Critical
CVE-2026-29090
was published
for
rucio
(pip)
May 6, 2026
Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
Critical
CVE-2026-29080
was published
for
rucio
(pip)
May 6, 2026
django-s3file is vulnerable to relative path traversal
Critical
CVE-2026-42196
was published
for
django-s3file
(pip)
May 5, 2026
Langflow Knowledge Bases API is Vulnerable to Path Traversal
Critical
CVE-2026-42048
was published
for
langflow
(pip)
May 5, 2026
Codechecker has an authentication bypass for certain API calls
Critical
CVE-2026-25660
was published
for
codechecker
(pip)
May 5, 2026
ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
Critical
CVE-2026-42601
was published
for
archivebox
(pip)
May 4, 2026
Sentry's improper authentication on SAML SSO process allows user identity linking
Critical
CVE-2026-42354
was published
for
sentry
(pip)
Apr 30, 2026
Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
Critical
CVE-2025-62373
was published
for
pipecat-ai
(pip)
Apr 23, 2026
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Critical
CVE-2026-41497
was published
for
praisonai
(pip)
Apr 17, 2026
Sentry: Improper authentication on SAML SSO process allows user identity linking
Critical
CVE-2026-27197
was published
for
sentry
(pip)
Apr 17, 2026
UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen
Critical
GHSA-hm2w-vr2p-hq7w
was published
for
uefi-firmware
(pip)
Apr 16, 2026
UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable
Critical
GHSA-2689-5p89-6j3j
was published
for
uefi-firmware
(pip)
Apr 16, 2026
excel-mcp-server has a Path Traversal issue
Critical
CVE-2026-40576
was published
for
excel-mcp-server
(pip)
Apr 14, 2026
Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability
Critical
CVE-2026-4810
was published
for
google-adk
(pip)
Apr 13, 2026
aws-mcp has a Command Injection Remote Code Execution Vulnerability
Critical
CVE-2026-5059
was published
for
aws-mcp
(pip)
Apr 11, 2026
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Critical
CVE-2026-40258
was published
for
gramps-webapi
(pip)
Apr 10, 2026
ajenti.plugin.core has password bypass when 2FA is activated
Critical
CVE-2026-40177
was published
for
ajenti.plugin.core
(pip)
Apr 10, 2026
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Critical
CVE-2026-40289
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI has critical RCE via `type: job` workflow YAML
Critical
CVE-2026-40288
was published
for
PraisonAI
(pip)
Apr 10, 2026
ProTip!
Advisories are also available from the
GraphQL API