Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,273 advisories

Loading
OpenStack Ironic allows Boot Script Injection Moderate
CVE-2026-46447 was published for ironic (pip) Jun 4, 2026
0xmrma Credited to 0xmrma
GeoNode: Stored XSS to full account takeover Moderate
CVE-2024-27091 was published for geonode (pip) Jul 13, 2026
ImThatT Credited to ImThatT
0xmrma Credited to 0xmrma
MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826) Moderate
GHSA-489g-7rxv-6c8q was published for mcp-atlassian (pip) Jul 10, 2026
daniel-mertz Credited to daniel-mertz
x41j Credited to x41j, ehhthing, and nic-lovin ehhthing ehhthing
nic-lovin nic-lovin
psd-tools vulnerable to arbitrary file write via smart-object filename Moderate
CVE-2026-49836 was published for psd-tools (pip) Jul 9, 2026
seankohjs Credited to seankohjs and yueyueL yueyueL yueyueL
Rattler vulnerable to package cache path traversal via conda package build string Moderate
CVE-2026-53956 was published for py_rattler (pip) Jul 9, 2026
Jupyter Server vulnerable to Path Traversal via incorrect root directory boundary check in _get_os_path() Moderate
CVE-2026-5422 was published for jupyter-server (pip) Jun 2, 2026
Apache Airflow has no certificate validation on SMTP STARTTLS connections Moderate
CVE-2026-49267 was published for apache-airflow (pip) Jun 1, 2026
francisbergin Credited to francisbergin
pypdf: Possible infinite loop when processing threads/articles in writer Moderate
CVE-2026-54651 was published for pypdf (pip) Jul 9, 2026
k0w4lzk1 Credited to k0w4lzk1 and stefan6419846 stefan6419846 stefan6419846
vantage6 node has an Improper Access Control issue Moderate
CVE-2026-54533 was published for vantage6 (pip) Jun 5, 2026
Vantage6: Set admin user and password from environment or configuration Moderate
CVE-2026-54445 was published for vantage6 (pip) Jun 5, 2026
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` Moderate
CVE-2026-48817 was published for starlette (pip) Jun 15, 2026
Apache Airflow has an Authorization Bypass Through User-Controlled Key Moderate
CVE-2026-46764 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-42360 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-42358 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Link Following issue Moderate
CVE-2026-40861 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Missing Authorization issue Moderate
CVE-2026-41014 was published for apache-airflow (pip) Jun 1, 2026
Apache Airflow has a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2026-41017 was published for apache-airflow (pip) Jun 1, 2026
ProTip! Advisories are also available from the GraphQL API