GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,554 advisories

Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission High
CVE-2026-48508 was published for lemur (pip) Jun 25, 2026
Credited to hits313
amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads() High
CVE-2026-9291 was published for amazon-braket-sdk (pip) Jun 25, 2026
LangGraph SDK has unsafe URL path construction Moderate
CVE-2026-48776 was published for langgraph-sdk (pip) Jun 25, 2026
Credited to pucagit
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading Moderate
CVE-2026-48775 was published for langgraph-checkpoint (pip) Jun 25, 2026
Credited to pucagit
justhtml: to_markdown() code-span blank-line breakout enables XSS Moderate
GHSA-jf6w-2mvx-633j was published for justhtml (pip) Jun 25, 2026
Credited to seankohjs and yueyueL
Flask-Security has an Open Redirect issue Moderate
GHSA-w2j7-f3c6-g8cw was published for Flask-Security (pip) Jun 23, 2026
Credited to RacerZ-fighting and Fushuling
motionEye Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal Critical
GHSA-phv5-334h-mxcw was published for motioneye (pip) Jun 23, 2026
Credited to pizza-power and MichaIng
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE) Critical
GHSA-qxvg-h7q2-hcxh was published for motioneye (pip) Jun 23, 2026
Credited to C4spr0x1A and MichaIng
motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution Moderate
CVE-2026-55863 was published for motioneye (pip) Jun 23, 2026
Credited to alanturing881, MichaIng, zagrim, Marijn0, and C4spr0x1A
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read High
CVE-2026-55488 was published for motioneye (pip) Jun 23, 2026
Credited to pizza-power, sermikr0, C4spr0x1A, MichaIng, and alanturing881
OctoPrint has possible file exfiltration via query parameters on upload endpoints High
CVE-2026-54134 was published for OctoPrint (pip) Jun 23, 2026
Credited to seankohjs and jacopotediosi
Credited to sondt99 and dungNHVhust
OctoPrint has XSS in its Suppressed Command Notifications Moderate
CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026
Credited to jacopotediosi
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack Moderate
CVE-2026-46611 was published for glances (pip) Jun 22, 2026
Credited to sectroyer
motionEye: Authentication possible via password hash Critical
CVE-2026-46488 was published for motioneye (pip) Jun 22, 2026
Credited to FireByteApplications, 0xLynk, dimashn04, C4spr0x1A, sighnwaive, MichaIng, Marijn0, and zagrim
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420) High
CVE-2025-67303 was published for comfyui-manager (pip) Jun 22, 2026
motionEye's World-Readable Configuration File Exposes Admin Password Hash Moderate
CVE-2026-32315 was published for motioneye (pip) Jun 22, 2026
Credited to dimashn04, 0xLynk, and MichaIng
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint Moderate
CVE-2026-31978 was published for motioneye (pip) Jun 22, 2026
Credited to Neosprings, blue-pho3nix, and MichaIng
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature High
CVE-2026-21887 was published for pycti (pip) Jun 22, 2026
Credited to DaffySpider and TristanInSec
OpenCTI May Bypass Introspection Restriction Moderate
CVE-2024-37155 was published for pycti (pip) Jun 22, 2026
Credited to R-s0n
Anki's local HTTP server does not sufficiently validate requests High
GHSA-869j-r97x-hx2g was published for aqt (pip) Jun 19, 2026
Credited to taviso