GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,180 advisories
pgAdmin 4: Improper restriction of excessive authentication attempts
Moderate: CVE-2026-7820 was published for pgadmin4 (pip) on May 11, 2026
pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
Moderate: CVE-2026-7814 was published for pgadmin4 (pip) on May 11, 2026
GPT-Pilot contains a command injection vulnerability in the Executor.run() method
Moderate: CVE-2026-31246 was published for gpt-pilot (pip) on May 11, 2026
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Moderate: GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) on May 11, 2026
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
Moderate: CVE-2026-44972 was published for guarddog (pip) on May 11, 2026
Keylime has a hardcoded attestation challenge nonce that allows replay attacks
Moderate: CVE-2026-6420 was published for keylime (pip) on May 11, 2026
Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Moderate: CVE-2026-44353 was published for streamlink (pip) on May 11, 2026
Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
Moderate: CVE-2026-44571 was published for open-webui (pip) on May 11, 2026
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
Moderate: CVE-2026-44337 was published for PraisonAI (pip) on May 11, 2026
Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL
Moderate: CVE-2026-41018 was published for apache-airflow-providers-elasticsearch (pip) on May 11, 2026
Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
Moderate: CVE-2026-43826 was published for apache-airflow-providers-opensearch (pip) on May 11, 2026
Mistune Heading ID Attribute has Injection XSS
Moderate: CVE-2026-44897 was published for mistune (pip) on May 9, 2026
Mistune has XSS via unescaped figclass/figwidth in Figure directive
Moderate: CVE-2026-44896 was published for mistune (pip) on May 8, 2026
Mistune Math Plugin has an XSS Escape Bypass
Moderate: CVE-2026-44708 was published for mistune (pip) on May 8, 2026
eml_parser has recursion DoS via nested message/rfc822 attachments
Moderate: CVE-2026-44844 was published for eml_parser (pip) on May 8, 2026
Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order
Moderate: CVE-2026-44568 was published for open-webui (pip) on May 8, 2026
Wagtail has improper permission handling when copying pages
Moderate: CVE-2026-44200 was published for wagtail (pip) on May 8, 2026
Wagtail has improper restriction handling on Documents and Images API
Moderate: CVE-2026-44201 was published for wagtail (pip) on May 8, 2026
Wagtail has improper permission handling when deleting form submissions
Moderate: CVE-2026-44199 was published for wagtail (pip) on May 8, 2026
Wagtail has improper permission handling when viewing page history
Moderate: CVE-2026-44198 was published for wagtail (pip) on May 8, 2026
Wagtail has improper permission handling when comparing revisions
Moderate: CVE-2026-44197 was published for wagtail (pip) on May 8, 2026
Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
Moderate: CVE-2026-44560 was published for open-webui (pip) on May 8, 2026
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
Moderate: CVE-2026-44561 was published for open-webui (pip) on May 8, 2026
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
Moderate: CVE-2026-44564 was published for open-webui (pip) on May 8, 2026
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
Moderate: CVE-2026-44563 was published for open-webui (pip) on May 8, 2026
ProTip! Advisories are also available from the GraphQL API.