GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 3,990
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,390
Swift: 56

Unreviewed advisories:
All unreviewed: 5,000+
677 advisories
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Critical | CVE-2026-48039 | meta-ads-mcp (pip) | published Jun 11, 2026

NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)
Critical | CVE-2026-47731 | ait-core (pip) | published Jun 5, 2026

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Critical | CVE-2026-47708 | stata-mcp (pip) | published Jun 4, 2026

Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering
Critical | CVE-2026-44182 | jupyter_enterprise_gateway (pip) | published Jun 3, 2026

Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Critical | CVE-2026-44181 | jupyter_enterprise_gateway (pip) | published Jun 3, 2026

Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Critical | CVE-2026-44180 | jupyter_enterprise_gateway (pip) | published Jun 3, 2026

praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
Critical | CVE-2026-47413 | praisonai-platform (pip) | published Jun 1, 2026

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Critical | CVE-2026-47416 | praisonai-platform (pip) | published May 29, 2026

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
Critical | CVE-2026-47410 | praisonai-platform (pip) | published May 29, 2026

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
Critical | CVE-2026-47407 | praisonai-platform (pip) | published May 29, 2026

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Critical | CVE-2026-47391 | PraisonAI (pip) | published May 29, 2026

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Critical | CVE-2026-47392 | PraisonAI (pip) | published May 29, 2026

PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
Critical | CVE-2026-47393 | PraisonAI (pip) | published May 29, 2026

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Critical | CVE-2026-47396 | PraisonAI (pip) | published May 29, 2026

stigmem-node's federation peer registration lacked explicit out-of-band approval
Critical | GHSA-9vp8-3hmv-8fgh | stigmem-node (pip) | published May 29, 2026

stigmem-node's federation insecure transport settings may allow non-loopback cleartext federation
Critical | GHSA-jmfc-hfjq-pxcp | stigmem-node (pip) | published May 29, 2026

stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Critical | GHSA-fp6w-8wpg-74g5 | stigmem-node (pip) | published May 29, 2026

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Critical | CVE-2026-8838 | redshift-connector (pip) | published May 29, 2026

Langroid has Prompt to SQL Injection, Leading to RCE
Critical | CVE-2026-25879 | langroid (pip) | published May 27, 2026

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
Critical | CVE-2026-46703 | @boxlite-ai/boxlite (Go) | published May 21, 2026

BoxLite: Permission Bypass Allows Modification of Read-Only Files
Critical | CVE-2026-46695 | @boxlite-ai/boxlite (Go) | published May 21, 2026

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Critical | CVE-2026-31072 | apscheduler (pip) | published May 19, 2026

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Critical | CVE-2026-45758 | guardrails-ai (pip) | published May 19, 2026

zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Critical | CVE-2026-45568 | zrok (pip) | published May 19, 2026

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
Critical | CVE-2026-2611 | mlflow (pip) | published May 19, 2026