Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,268 advisories

Loading
0xmrma Credited to 0xmrma
MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826) Moderate
GHSA-489g-7rxv-6c8q was published for mcp-atlassian (pip) Jul 10, 2026
daniel-mertz Credited to daniel-mertz
x41j Credited to x41j, ehhthing, and nic-lovin ehhthing ehhthing
nic-lovin nic-lovin
psd-tools vulnerable to arbitrary file write via smart-object filename Moderate
CVE-2026-49836 was published for psd-tools (pip) Jul 9, 2026
seankohjs Credited to seankohjs and yueyueL yueyueL yueyueL
Rattler vulnerable to package cache path traversal via conda package build string Moderate
CVE-2026-53956 was published for py_rattler (pip) Jul 9, 2026
Jupyter Server vulnerable to Path Traversal via incorrect root directory boundary check in _get_os_path() Moderate
CVE-2026-5422 was published for jupyter-server (pip) Jun 2, 2026
Apache Airflow has no certificate validation on SMTP STARTTLS connections Moderate
CVE-2026-49267 was published for apache-airflow (pip) Jun 1, 2026
francisbergin Credited to francisbergin
pypdf: Possible infinite loop when processing threads/articles in writer Moderate
CVE-2026-54651 was published for pypdf (pip) Jul 9, 2026
k0w4lzk1 Credited to k0w4lzk1 and stefan6419846 stefan6419846 stefan6419846
vantage6 node has an Improper Access Control issue Moderate
CVE-2026-54533 was published for vantage6 (pip) Jun 5, 2026
Vantage6: Set admin user and password from environment or configuration Moderate
CVE-2026-54445 was published for vantage6 (pip) Jun 5, 2026
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` Moderate
CVE-2026-48817 was published for starlette (pip) Jun 15, 2026
Apache Airflow has an Authorization Bypass Through User-Controlled Key Moderate
CVE-2026-46764 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-42360 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-42358 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Link Following issue Moderate
CVE-2026-40861 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Missing Authorization issue Moderate
CVE-2026-41014 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2026-41017 was published for apache-airflow (pip) Jun 1, 2026
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small Moderate
CVE-2026-53720 was published for pymonocypher (pip) Jul 9, 2026
hextheshadow Credited to hextheshadow
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager Moderate
CVE-2026-48987 was published for pyload-ng (pip) Jul 9, 2026
pevinkumar10 Credited to pevinkumar10
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs Moderate
CVE-2026-48737 was published for pyload-ng (pip) Jul 9, 2026
tonghuaroot Credited to tonghuaroot
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler Moderate
GHSA-mxwc-wh95-pw4g was published for trapster (pip) Jul 8, 2026
tonghuaroot Credited to tonghuaroot
Apache Airflow: Auth manager doesn't invalidate JWT tokens after users click logout Moderate
CVE-2026-48726 was published for apache-airflow (pip) Jun 1, 2026
ProTip! Advisories are also available from the GraphQL API