GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
High
CVE-2026-45401
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
High
CVE-2026-45398
was published
for
open-webui
(pip)
May 14, 2026
Flowise: Cypher Injection in GraphCypherQAChain
High
CVE-2026-41274
was published
for
flowise
(npm)
Apr 16, 2026
Flowise: Path Traversal in Vector Store basePath
Moderate
GHSA-w6v6-49gh-mc9w
was published
for
flowise
(npm)
Apr 16, 2026
Flowise Missing Authentication on NVIDIA NIM Endpoints
High
CVE-2026-30824
was published
for
flowise
(npm)
Mar 6, 2026
Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
Moderate
GHSA-jc5m-wrp2-qq38
was published
for
flowise
(npm)
Mar 5, 2026
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Critical
CVE-2026-27944
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 5, 2026
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Low
CVE-2026-27167
was published
for
gradio
(pip)
Mar 1, 2026
Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Moderate
CVE-2026-25120
was published
for
gogs.io/gogs
(Go)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API