Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
SnailSploit Credited to SnailSploit and 0xShemesh 0xShemesh 0xShemesh
praisonai-platform: default JWT signing secret 'dev-secret-change-me' enables token forgery Critical
GHSA-cwj8-7gp2-ggcw was published for praisonai-platform (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication Critical
GHSA-fq2m-6wqh-x44g was published for praisonai (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
praisonai: recipe serve auth middleware silently disables itself when no secret is set Critical
GHSA-j4hj-7hfh-g2f4 was published for praisonai (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
praisonaiagents: SSRF guard validates literal IPs only and never resolves DNS High
GHSA-vxgj-xg5c-p4h7 was published for praisonaiagents (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
PraisonAI: execute_code sandbox bypass: str.format C-level attribute access reads every blocklisted dunder Moderate
GHSA-pv2j-rghr-v5r9 was published for praisonaiagents (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router Moderate
CVE-2026-54236 was published for vllm (pip) Jun 17, 2026
SnailSploit Credited to SnailSploit and jperezdealgaba jperezdealgaba jperezdealgaba
Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient High
CVE-2026-49853 was published for tornado (pip) Jun 15, 2026
noobone123 Credited to noobone123, SnailSploit, 0xHunSec, and sondt99 SnailSploit SnailSploit
0xHunSec 0xHunSec sondt99 sondt99
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default Critical
CVE-2026-47393 was published for PraisonAI (pip) May 29, 2026
SnailSploit Credited to SnailSploit
SnailSploit Credited to SnailSploit
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification High
CVE-2026-31899 was published for CairoSVG (pip) Mar 13, 2026
SnailSploit Credited to SnailSploit
ProTip! Advisories are also available from the GraphQL API