Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
wger has Broken Access Control in Global Gym Configuration Update Endpoint High
CVE-2026-40474 was published for wger (pip) Apr 16, 2026
VashuVats Credited to VashuVats
PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate Moderate
CVE-2026-40117 was published for praisonaiagents (pip) Apr 10, 2026
offset Credited to offset
OpenViking contains a missing authorization vulnerability in the task polling endpoints Moderate
CVE-2026-22680 was published for OpenViking (pip) Apr 7, 2026
Django vulnerable to privilege abuse in ModelAdmin.list_editable Low
CVE-2026-4292 was published for Django (pip) Apr 7, 2026
Django vulnerable to privilege abuse in GenericInlineModelAdmin Low
CVE-2026-4277 was published for Django (pip) Apr 7, 2026
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint Moderate
CVE-2026-33866 was published for mlflow (pip) Apr 7, 2026
Ajenti has an authorization bypass during custom package installation High
CVE-2026-35175 was published for ajenti-panel (pip) Apr 3, 2026
Thien225409 Credited to Thien225409
openssl-encrypt has no owner verification on key revocation — any client can revoke any key Moderate
GHSA-hvc7-763r-4f3h was published for openssl-encrypt (pip) Apr 1, 2026
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check High
CVE-2026-34046 was published for langflow (pip) Mar 27, 2026
chximn-dt Credited to chximn-dt and AntonioABLima AntonioABLima AntonioABLima
Open WebUI has unauthorized deletion of knowledge files Moderate
CVE-2026-29070 was published for open-webui (pip) Mar 27, 2026
ScaumAcktiv Credited to ScaumAcktiv
langflow has Unauthenticated IDOR on Image Downloads High
CVE-2026-33484 was published for langflow (pip) Mar 20, 2026
akshatgit Credited to akshatgit, abhinavagarwal07, and andifilhohub abhinavagarwal07 abhinavagarwal07
andifilhohub andifilhohub
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization High
CVE-2026-30911 was published for apache-airflow (pip) Mar 17, 2026
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations Moderate
CVE-2026-27457 was published for weblate (pip) Feb 26, 2026
nijel Credited to nijel
Wagtail has improper permission handling on admin preview endpoints Moderate
CVE-2026-25517 was published for wagtail (pip) Feb 3, 2026
thxtech Credited to thxtech, gasman, RealOrangeOne, and laymonage gasman gasman
RealOrangeOne RealOrangeOne laymonage laymonage
Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning Moderate
CVE-2025-69207 was published for khoj (pip) Feb 2, 2026
Cillian-Collins Credited to Cillian-Collins
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher Credited to thabofletcher, erosselli, and daveqnet erosselli erosselli
daveqnet daveqnet
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 Credited to rafaelcorvino1, rildosouza, and nmmorette rildosouza rildosouza
nmmorette nmmorette
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
Yaminyam Credited to Yaminyam
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read Moderate
CVE-2024-7045 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Viewing of Admin Details Moderate
CVE-2024-7046 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Reading and Deletion High
CVE-2024-7043 was published for open-webui (pip) Mar 20, 2025
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability Low
CVE-2023-23611 was published for lti-consumer-xblock (pip) Aug 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database