GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
2,125 advisories
Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles
Severity: High. CVE-2025-10996 was published for openbabel (pip) on Jun 30, 2026.

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
Severity: High. CVE-2026-49291 was published for mcp-memory-service (pip) on Jun 26, 2026.

python-socketio: Binary attachment accumulation can cause denial of service
Severity: High. CVE-2026-48804 was published for python-socketio (pip) on Jun 26, 2026.

python-engineio has unbound thread allocation that can cause denial of service
Severity: High. CVE-2026-48802 was published for python-engineio (pip) on Jun 26, 2026.

python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
Severity: High. CVE-2026-48809 was published for python-engineio (pip) on Jun 26, 2026.

Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
Severity: High. CVE-2026-48508 was published for lemur (pip) on Jun 25, 2026.

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()
Severity: High. CVE-2026-9291 was published for amazon-braket-sdk (pip) on Jun 25, 2026.

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
Severity: High. CVE-2026-55488 was published for motioneye (pip) on Jun 23, 2026.

OctoPrint has possible file exfiltration via query parameters on upload endpoints
Severity: High. CVE-2026-54134 was published for OctoPrint (pip) on Jun 23, 2026.

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
Severity: High. CVE-2026-53925 was published for glances (pip) on Jun 23, 2026.

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
Severity: High. CVE-2026-46608 was published for glances (pip) on Jun 22, 2026.

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
Severity: High. CVE-2026-46607 was published for glances (pip) on Jun 22, 2026.

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
Severity: High. CVE-2026-46606 was published for glances (pip) on Jun 22, 2026.

ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
Severity: High. CVE-2025-67303 was published for comfyui-manager (pip) on Jun 22, 2026.

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
Severity: High. CVE-2026-21887 was published for pycti (pip) on Jun 22, 2026.

Anki's local HTTP server does not sufficiently validate requests
Severity: High. GHSA-869j-r97x-hx2g was published for aqt (pip) on Jun 19, 2026.

LangSmith SDK TracingMiddleware: Arbitrary server-side file read
Severity: High. GHSA-f4xh-w4cj-qxq8 was published for langsmith (pip) on Jun 19, 2026.

EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
Severity: High. GHSA-c795-2g9c-j48m was published for everos (pip) on Jun 19, 2026.

stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
Severity: High. GHSA-6gqw-jqv7-v88m was published for stigmem-node (pip) on Jun 19, 2026.

stigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)
Severity: High. GHSA-xhv3-q4xx-349r was published for stigmem-node (pip) on Jun 19, 2026.

stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA)
Severity: High. GHSA-x26h-xmv8-gxf7 was published for stigmem-node (pip) on Jun 19, 2026.

MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
Severity: High. GHSA-6v7p-g79w-8964 was published for msgpack (pip) on Jun 19, 2026.

Langflow: Unauthenticated DoS through multipart form boundary file upload
Severity: High. CVE-2026-55446 was published for langflow (pip) on Jun 19, 2026.

VCR.py: Arbitrary code execution via unsafe YAML deserialization of cassette files
Severity: High. GHSA-rpj2-4hq8-938g was published for vcrpy (pip) on Jun 19, 2026.

Ultimate Sitemap Parser (USP): XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser
Severity: High. GHSA-p5wc-9w9r-m232 was published for ultimate-sitemap-parser (pip) on Jun 19, 2026.

ProTip! Advisories are also available from the GraphQL API.