GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
126 advisories
Filter by severity
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
Moderate
CVE-2026-55837
was published
for
dbt-mcp
(pip)
Jun 19, 2026
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
Moderate
CVE-2026-53923
was published
for
vllm
(pip)
Jun 17, 2026
yt-dlp: File Downloader cookie leak with curl
Moderate
CVE-2026-50019
was published
for
yt-dlp
(pip)
Jun 16, 2026
Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse
Moderate
GHSA-pw6j-qg29-8w7f
was published
for
tornado
(pip)
Jun 15, 2026
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
Moderate
CVE-2026-54276
was published
for
aiohttp
(pip)
Jun 15, 2026
Apache Airflow: Incomplete redaction allowlist exposes secrets in Connection `extra` to read-permitted users
Moderate
CVE-2026-45192
was published
for
apache-airflow
(pip)
Jun 1, 2026
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Moderate
CVE-2026-47395
was published
for
PraisonAI
(pip)
May 29, 2026
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
Moderate
CVE-2026-45387
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI Exposes System Prompt to Regular User [Non-Admin]
Moderate
CVE-2026-45351
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
Moderate
CVE-2026-44557
was published
for
open-webui
(pip)
May 8, 2026
Weblate: SSRF via Project-Level Machinery Configuration
Moderate
CVE-2026-34244
was published
for
weblate
(pip)
Apr 16, 2026
Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository
Moderate
CVE-2026-33220
was published
for
weblate
(pip)
Apr 16, 2026
LangSmith SDK: Streaming token events bypass output redaction
Moderate
CVE-2026-41182
was published
for
langsmith
(npm)
Apr 16, 2026
Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
Moderate
CVE-2026-25219
was published
for
apache-airflow
(pip)
Apr 15, 2026
PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution
Moderate
CVE-2026-40159
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Moderate
CVE-2026-40151
was published
for
PraisonAI
(pip)
Apr 10, 2026
Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users
Moderate
GHSA-9gjv-jvm7-vv2v
was published
for
gramps-webapi
(pip)
Apr 9, 2026
mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
Moderate
CVE-2026-29787
was published
for
mcp-memory-service
(pip)
Mar 5, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415
was published
for
gradio
(pip)
Mar 1, 2026
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate
CVE-2026-27457
was published
for
weblate
(pip)
Feb 26, 2026
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Moderate
CVE-2026-24098
was published
for
apache-airflow
(pip)
Feb 9, 2026
Weblate wlc has insecure API key configuration
Moderate
CVE-2026-22251
was published
for
wlc
(pip)
Jan 12, 2026
ComposioHQ has a directory traversal vulnerability
Moderate
CVE-2025-56427
was published
for
composio
(pip)
Dec 4, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate
CVE-2025-14010
was published
for
ansible
(pip)
Dec 4, 2025
BBOT's gitlab.py exposes globally configured "gitlab" API key
Moderate
CVE-2025-10282
was published
for
bbot
(pip)
Oct 27, 2025
ProTip!
Advisories are also available from the
GraphQL API