Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Basic auth bypass in esphome High
CVE-2021-41104 was published for esphome (pip) Sep 29, 2021
andir Credited to andir
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Openstack Aodh can be used to launder Keystone trusts High
CVE-2017-12440 was published for aodh (pip) May 13, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Mage-ai missing user authentication High
CVE-2023-31143 was published for mage-ai (pip) May 5, 2023
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou Credited to renbou and comrumino comrumino comrumino
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Langflow Missing Authentication on Critical API Endpoints High
CVE-2026-21445 was published for langflow (pip) Jan 2, 2026
kj84park Credited to kj84park and juh0ng juh0ng juh0ng
Unauthenticated remote shutdown in nltk.app.wordnet_app High
CVE-2026-33231 was published for nltk (pip) Mar 19, 2026
leduckhuong Credited to leduckhuong
strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol High
CVE-2026-35523 was published for strawberry-graphql (pip) Apr 6, 2026
bellini666 Credited to bellini666, patrick91, katzj, and WesR patrick91 patrick91
katzj katzj WesR WesR
PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls High
CVE-2026-40149 was published for PraisonAI (pip) Apr 10, 2026
offset Credited to offset
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database