Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability High
CVE-2026-1707 was published for pgadmin4 (pip) Feb 5, 2026
Lollms has an Improper Access Control vulnerability High
CVE-2026-1117 was published for lollms (pip) Feb 2, 2026
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
nijel Credited to nijel and amCap1712 amCap1712 amCap1712
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) Moderate
CVE-2025-67715 was published for Weblate (pip) Dec 15, 2025
naxus-audit Credited to naxus-audit and nijel nijel nijel
open-webui is Vulnerable to Incorrect Access Control Low
CVE-2025-63681 was published for open-webui (pip) Dec 4, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints Moderate
CVE-2025-66454 was published for arcade-mcp-server (pip) Dec 2, 2025
qi-scape Credited to qi-scape
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode Moderate
CVE-2025-58337 was published for doris-mcp-server (pip) Nov 5, 2025
lirantal Credited to lirantal
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian Credited to PinkDraconian
Reflex vulnerable to private state fields modification High
CVE-2025-47425 was published for reflex (pip) May 15, 2025
adhami3310 Credited to adhami3310, masenf, and Kastier1 masenf masenf
Kastier1 Kastier1
Aim Improper Access Control Moderate
CVE-2024-8238 was published for aim (pip) Mar 20, 2025
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 Credited to n1k9, d-maurer, perrinjerome, and dataflake d-maurer d-maurer
perrinjerome perrinjerome dataflake dataflake
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Credited to adrianosela, Alex-ley-scrub, and icarocd Alex-ley-scrub Alex-ley-scrub
icarocd icarocd
litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia Credited to krrishdholakia and byt3bl33d3r byt3bl33d3r byt3bl33d3r
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul Credited to hahwul
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
pyload Unauthenticated Flask Configuration Leakage vulnerability High
CVE-2024-21644 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian Credited to PinkDraconian
Apache Airflow Improper Access Control vulnerability Moderate
CVE-2023-50783 was published for apache-airflow (pip) Dec 21, 2023
Improper Access Control in vantage6 Moderate
CVE-2023-41882 was published for vantage6 (pip) Oct 13, 2023
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Privilege escalation via ApiTokensEndpoint High
CVE-2023-39349 was published for sentry (pip) Aug 8, 2023
LTiDi2000 Credited to LTiDi2000
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database