GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
Apache Airflow: Incomplete redaction allowlist exposes secrets in Connection `extra` to read-permitted users
Moderate
CVE-2026-45192
was published
for
apache-airflow
(pip)
Jun 1, 2026
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Critical
CVE-2026-55447
was published
for
langflow
(pip)
Jun 19, 2026
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
Moderate
CVE-2026-55837
was published
for
dbt-mcp
(pip)
Jun 19, 2026
Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
High
CVE-2026-54317
was published
for
homeassistant
(pip)
Jun 19, 2026
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
High
GHSA-jxcw-qp4h-6jfq
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI Code agent tools fail open without a workspace boundary
High
GHSA-gcq3-mfvh-3x25
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
Critical
GHSA-892r-p3jq-jp24
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage
High
GHSA-j7qx-p75m-wp7g
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path traversal
High
GHSA-22cj-m4wf-fv2c
was published
for
praisonai
(pip)
Jun 18, 2026
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Critical
CVE-2026-55450
was published
for
langflow
(pip)
Jun 17, 2026
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
Moderate
CVE-2026-53923
was published
for
vllm
(pip)
Jun 17, 2026
Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution
High
GHSA-f989-c77f-r2cq
was published
for
crawl4ai
(pip)
Jun 16, 2026
yt-dlp: File Downloader cookie leak with curl
Moderate
CVE-2026-50019
was published
for
yt-dlp
(pip)
Jun 16, 2026
Glances exposes the REST API without authentication
High
CVE-2026-32596
was published
for
Glances
(pip)
Mar 16, 2026
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Moderate
CVE-2025-10281
was published
for
bbot
(pip)
Oct 9, 2025
Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse
Moderate
GHSA-pw6j-qg29-8w7f
was published
for
tornado
(pip)
Jun 15, 2026
Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
High
CVE-2026-49853
was published
for
tornado
(pip)
Jun 15, 2026
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
Moderate
CVE-2026-54276
was published
for
aiohttp
(pip)
Jun 15, 2026
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Low
CVE-2026-45739
was published
for
strawberry-graphql
(pip)
May 19, 2026
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
High
CVE-2026-45553
was published
for
nicegui
(pip)
May 18, 2026
Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository
Moderate
CVE-2026-33220
was published
for
weblate
(pip)
Apr 16, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415
was published
for
gradio
(pip)
Mar 1, 2026
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Low
CVE-2013-1840
was published
for
glance
(pip)
May 17, 2022
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
High
CVE-2025-68438
was published
for
apache-airflow
(pip)
Jan 16, 2026
ProTip!
Advisories are also available from the
GraphQL API