GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Critical
CVE-2026-55166
was published
for
lemur
(pip)
Jun 25, 2026
stistigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)
High
GHSA-xhv3-q4xx-349r
was published
for
stigmem-node
(pip)
Jun 19, 2026
stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA)
High
GHSA-x26h-xmv8-gxf7
was published
for
stigmem-node
(pip)
Jun 19, 2026
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
High
CVE-2026-55255
was published
for
langflow
(pip)
Jun 19, 2026
praisonai-platform: Authorization Bypass Through User-Controlled Key
Moderate
GHSA-2fjj-qqg8-fg7x
was published
for
praisonai-platform
(pip)
Jun 18, 2026
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
Moderate
CVE-2026-54015
was published
for
open-webui
(pip)
Jun 17, 2026
Open WebUI: Forged chat-file link allows cross-user file read and deletion
High
CVE-2026-54010
was published
for
open-webui
(pip)
Jun 17, 2026
Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field
Moderate
CVE-2026-54009
was published
for
open-webui
(pip)
Jun 17, 2026
Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar
Moderate
CVE-2026-54006
was published
for
open-webui
(pip)
Jun 17, 2026
Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
High
CVE-2026-33760
was published
for
langflow
(pip)
Jun 16, 2026
Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
Low
CVE-2026-47716
was published
for
bugsink
(pip)
Jun 5, 2026
Bugsink: Issue event views can show an event from another project if its UUID is known
Low
CVE-2026-47715
was published
for
bugsink
(pip)
Jun 5, 2026
praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47419
was published
for
praisonai-platform
(pip)
Jun 5, 2026
praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47415
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
High
CVE-2026-47417
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47418
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
High
CVE-2026-47414
was published
for
praisonai-platform
(pip)
May 29, 2026
praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
High
CVE-2026-47406
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
High
CVE-2026-47399
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
Critical
CVE-2026-47407
was published
for
praisonai-platform
(pip)
May 29, 2026
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
Moderate
CVE-2026-47408
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
High
CVE-2026-48169
was published
for
praisonai-platform
(pip)
May 29, 2026
OpenStack Keystone has an Authorization Bypass
Moderate
CVE-2026-42999
was published
for
keystone
(pip)
May 28, 2026
pretix vulnerable to Authorization Bypass Through User-Controlled Key
Low
CVE-2026-9712
was published
for
pretix
(pip)
May 27, 2026
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
High
CVE-2026-45671
was published
for
open-webui
(pip)
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API