GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,303 advisories

Vantage6: 2FA can be circumvented with hacked email access Moderate
CVE-2024-27928 was published for vantage6 (pip) Jun 5, 2026
Vantage6: No limit on emails sent for password/MFA reset Low
CVE-2024-24769 was published for vantage6 (pip) Jun 5, 2026
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper Critical
CVE-2026-47708 was published for stata-mcp (pip) Jun 4, 2026
Credited to SepineTam
kas's late signature validation may allow unnoticed repository manipulations Low
CVE-2026-47192 was published for kas (pip) Jun 4, 2026
Credited to fmoessbauer
Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification Moderate
CVE-2026-47707 was published for strawberry-graphql (pip) Jun 4, 2026
Credited to gonas0919, bellini666, Ckk3, and patrick91
Strawberry GraphQL has a Circular Fragment Reference DOS Moderate
CVE-2026-47706 was published for strawberry-graphql (pip) Jun 4, 2026
Credited to gonas0919, Ckk3, bellini666, and patrick91
WebOb: Location header normalization during redirect leads to open redirect - again Moderate
CVE-2026-44889 was published for webob (pip) Jun 4, 2026
Credited to x41j, ehhthing, and nic-lovin
Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering Critical
CVE-2026-44182 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
Credited to ben-elttam and lresende
Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution Critical
CVE-2026-44181 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
Credited to ben-elttam and lresende
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies Moderate
CVE-2026-47265 was published for aiohttp (pip) Jun 3, 2026
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass Critical
CVE-2026-44180 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
Credited to ben-elttam, matt-elttam, and lresende
Docling Core: Unsafe remote filename resolution High
CVE-2026-44023 was published for docling-core (pip) Jun 3, 2026
Credited to brodmart
Docling Core: Insufficient validation of image reference URIs High
CVE-2026-44019 was published for docling-core (pip) Jun 3, 2026
Credited to brodmart
Docling: Unsafe URI and Path Handling in HTML Backend High
CVE-2026-47214 was published for docling (pip) Jun 3, 2026
Credited to brodmart
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands Moderate
CVE-2026-44022 was published for docling (pip) Jun 3, 2026
Credited to brodmart
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend High
CVE-2026-44020 was published for docling (pip) Jun 3, 2026
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend Moderate
CVE-2026-44018 was published for docling (pip) Jun 3, 2026
Credited to brodmart
Docling: Unsafe Playwright-based HTML Rendering High
CVE-2026-44016 was published for docling (pip) Jun 3, 2026
Credited to brodmart
malla: Stored XSS via Meshtastic node names in multiple frontend pages Moderate
CVE-2026-43980 was published for malla (pip) Jun 3, 2026
Credited to tiagoabreu22
AIOHTTP is Vulnerable to Deserialization of Untrusted Data Moderate
CVE-2026-34993 was published for aiohttp (pip) Jun 3, 2026
Credited to tsigouris007 and YuvalElbar6
Docling: Unsafe Zip Extraction in EasyOCR Model Download High
CVE-2026-44017 was published for docling (pip) Jun 3, 2026
kas checks out SHA-like git branches as valid commits Low
CVE-2026-47191 was published for kas (pip) Jun 1, 2026
Credited to adityasaky
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} High
CVE-2026-47412 was published for praisonai-platform (pip) Jun 1, 2026
Credited to offset and 0xEr3n