GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
2,027 advisories
WsgiDAV encoded dot segments can escape filesystem share roots
High
CVE-2026-48099
was published
for
wsgidav
(pip)
Jun 11, 2026
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
High
CVE-2026-47781
was published
for
pdm
(pip)
Jun 11, 2026
Litestar has HTML Injection Through its CSRF Token
High
CVE-2026-48060
was published
for
litestar
(pip)
Jun 10, 2026
praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47419
was published
for
praisonai-platform
(pip)
Jun 5, 2026
Docling Core: Unsafe remote filename resolution
High
CVE-2026-44023
was published
for
docling-core
(pip)
Jun 3, 2026
Docling Core: Insufficient validation of image reference URIs
High
CVE-2026-44019
was published
for
docling-core
(pip)
Jun 3, 2026
Docling: Unsafe URI and Path Handling in HTML Backend
High
CVE-2026-47214
was published
for
docling
(pip)
Jun 3, 2026
Docling: Unsafe Playwright-based HTML Rendering
High
CVE-2026-44016
was published
for
docling
(pip)
Jun 3, 2026
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
High
CVE-2026-47412
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47415
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
High
CVE-2026-47417
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47418
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
High
CVE-2026-47414
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
High
CVE-2026-47405
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
High
CVE-2026-47399
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
High
CVE-2026-48169
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI has an Arbitrary File Write in Python API
High
CVE-2026-47397
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
High
CVE-2026-47394
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
High
CVE-2026-47398
was published
for
PraisonAI
(pip)
May 29, 2026
ProTip!
Advisories are also available from the
GraphQL API