GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,125 advisories

Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles High
CVE-2025-10996 was published for openbabel (pip) Jun 30, 2026
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call High
CVE-2026-49291 was published for mcp-memory-service (pip) Jun 26, 2026
Credited to DavidCarliez
python-socketio: Binary attachment accumulation can cause denial of service High
CVE-2026-48804 was published for python-socketio (pip) Jun 26, 2026
Credited to mauriceng98
python-engineio has unbound thread allocation that can cause denial of service High
CVE-2026-48802 was published for python-engineio (pip) Jun 26, 2026
Credited to mauriceng98
python-engineio has possible denial of service due to maximum payload size sometimes not being enforced High
CVE-2026-48809 was published for python-engineio (pip) Jun 26, 2026
Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission High
CVE-2026-48508 was published for lemur (pip) Jun 25, 2026
Credited to hits313
amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads() High
CVE-2026-9291 was published for amazon-braket-sdk (pip) Jun 25, 2026
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read High
CVE-2026-55488 was published for motioneye (pip) Jun 23, 2026
Credited to pizza-power, sermikr0, C4spr0x1A, MichaIng, and alanturing881
OctoPrint has possible file exfiltration via query parameters on upload endpoints High
CVE-2026-54134 was published for OctoPrint (pip) Jun 23, 2026
Credited to seankohjs and jacopotediosi
Credited to sondt99 and dungNHVhust
Credited to sectroyer
Credited to sectroyer
Credited to sectroyer
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420) High
CVE-2025-67303 was published for comfyui-manager (pip) Jun 22, 2026
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature High
CVE-2026-21887 was published for pycti (pip) Jun 22, 2026
Credited to DaffySpider and TristanInSec
Anki's local HTTP server does not sufficiently validate requests High
GHSA-869j-r97x-hx2g was published for aqt (pip) Jun 19, 2026
Credited to taviso
LangSmith SDK TracingMiddleware: Arbitrary server-side file read High
GHSA-f4xh-w4cj-qxq8 was published for langsmith (pip) Jun 19, 2026
Credited to Ryu7zz
EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id High
GHSA-c795-2g9c-j48m was published for everos (pip) Jun 19, 2026
Credited to geo-chen
stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA) High
GHSA-6gqw-jqv7-v88m was published for stigmem-node (pip) Jun 19, 2026
stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA) High
GHSA-x26h-xmv8-gxf7 was published for stigmem-node (pip) Jun 19, 2026
MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error High
GHSA-6v7p-g79w-8964 was published for msgpack (pip) Jun 19, 2026
Langflow: Unauthenticated DoS through multipart form boundary file upload High
CVE-2026-55446 was published for langflow (pip) Jun 19, 2026
Credited to ethansilvas, AntonioABLima, and andifilhohub
VCR.py: Arbitrary code execution via unsafe YAML deserialization of cassette files High
GHSA-rpj2-4hq8-938g was published for vcrpy (pip) Jun 19, 2026
Credited to RamiAltai
Ultimate Sitemap Parser (USP): XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser High
GHSA-p5wc-9w9r-m232 was published for ultimate-sitemap-parser (pip) Jun 19, 2026
ProTip! Advisories are also available from the GraphQL API