Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

504 advisories

Loading
Wasmtime: Memory leak in C API with `externref` and `anyref` types Low
CVE-2025-61670 was published for wasmtime-bin (pip) Jul 14, 2026
alexcrichton Credited to alexcrichton
alanturing881 Credited to alanturing881
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases Low
CVE-2026-53759 was published for linuxfabrik-lib (pip) Jul 6, 2026
OoYo0uto Credited to OoYo0uto
Kiwi TCMS's /init-db/ page renders and responds to requests after first use Low
CVE-2026-49292 was published for kiwitcms (pip) Jul 2, 2026
keyur-mehta Credited to keyur-mehta
Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines Low
CVE-2025-10998 was published for openbabel (pip) Jul 1, 2026
Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule Low
CVE-2025-10994 was published for openbabel (pip) Jun 30, 2026
Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence Low
CVE-2026-3408 was published for openbabel (pip) Jun 30, 2026
VedantMadane Credited to VedantMadane
Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge Low
CVE-2026-2705 was published for openbabel (pip) Jun 30, 2026
VedantMadane Credited to VedantMadane
Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString Low
CVE-2026-2704 was published for openbabel (pip) Jun 30, 2026
VedantMadane Credited to VedantMadane
Flawfinder output manipulation via untrusted filenames and source text Low
CVE-2026-48813 was published for flawfinder (pip) Jun 26, 2026
PGHoard: Password written to debug log Low
CVE-2026-54711 was published for pghoard (pip) Jun 18, 2026
BBOT: Symlink-Following Arbitrary Write via github_workflows Module Low
CVE-2026-12567 was published for bbot (pip) Jun 18, 2026
AAtomical Credited to AAtomical
sondt99 Credited to sondt99
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output Low
GHSA-8rfp-98v4-mmr6 was published for bleach (pip) Jun 16, 2026
Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname Low
CVE-2026-54282 was published for Starlette (pip) Jun 15, 2026
nic-lovin Credited to nic-lovin
python-multipart: Negative Content-Length in parse_form buffers the entire body in memory Low
CVE-2026-53540 was published for python-multipart (pip) Jun 15, 2026
lullu57 Credited to lullu57 and seok-hee97 seok-hee97 seok-hee97
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling Low
CVE-2026-53538 was published for python-multipart (pip) Jun 15, 2026
maxisbey Credited to maxisbey
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters Low
CVE-2026-53537 was published for python-multipart (pip) Jun 15, 2026
0xkakash1 Credited to 0xkakash1 and sammiee5311 sammiee5311 sammiee5311
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections Low
CVE-2026-54275 was published for aiohttp (pip) Jun 15, 2026
denyspakizh-tob Credited to denyspakizh-tob and bdraco bdraco bdraco
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect Low
CVE-2026-54280 was published for aiohttp (pip) Jun 15, 2026
denyspakizh-tob Credited to denyspakizh-tob and bdraco bdraco bdraco
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence Low
CVE-2026-54279 was published for aiohttp (pip) Jun 15, 2026
denyspakizh-tob Credited to denyspakizh-tob and bdraco bdraco bdraco
aiohttp: CRLF injection in multipart headers Low
CVE-2026-50269 was published for aiohttp (pip) Jun 15, 2026
tonghuaroot Credited to tonghuaroot and Dreamsorcerer Dreamsorcerer Dreamsorcerer
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS) Low
CVE-2026-48524 was published for pyjwt (pip) Jun 15, 2026
Tornado has out-of-bounds memory access via C extension Low
CVE-2026-49854 was published for tornado (pip) Jun 12, 2026
sondt99 Credited to sondt99
ProTip! Advisories are also available from the GraphQL API