GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

AGiXT Vulnerable to Path Traversal in safe_join()
Severity: High
CVE-2026-39981 was published for agixt (pip) Apr 8, 2026
Credited to YeranG30

PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Severity: Critical
CVE-2026-34953 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI Has Missing Authentication in WebSocket Gateway
Severity: Critical
CVE-2026-34952 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
Severity: High
CVE-2026-34954 was published for praisonaiagents (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
Severity: High
CVE-2026-34955 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Severity: High
CVE-2026-34936 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Severity: Moderate
CVE-2026-34939 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Severity: Critical
CVE-2026-34934 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Severity: Critical
CVE-2026-34935 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Severity: High
CVE-2026-34937 was published for praisonaiagents (pip) Apr 1, 2026
Credited to YeranG30

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Severity: Critical
CVE-2026-34938 was published for praisonaiagents (pip) Apr 1, 2026
Credited to YeranG30