Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,695 advisories

Loading
0xmrma Credited to 0xmrma
json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS High
GHSA-xf7x-x43h-rpqh was published for json-repair (pip) Jul 13, 2026
DIRAC: SQL injection and lack of access control in PilotManager service High
GHSA-7xw9-549r-8jrc was published for DIRAC (pip) Jul 13, 2026
sfayer Credited to sfayer
DIRAC: Pilot code downloaded over unverified HTTPS connection High
CVE-2026-61668 was published for DIRAC (pip) Jul 13, 2026
sfayer Credited to sfayer
DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval Critical
CVE-2026-61667 was published for DIRAC (pip) Jul 13, 2026
sfayer Credited to sfayer
DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input Critical
CVE-2026-45579 was published for DIRAC (pip) Jul 13, 2026
sfayer Credited to sfayer
GeoNode: Stored XSS to full account takeover Moderate
CVE-2024-27091 was published for geonode (pip) Jul 13, 2026
ImThatT Credited to ImThatT
Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset High
GHSA-h4g2-xfmw-q2c9 was published for clauster (pip) Jul 10, 2026
mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment High
GHSA-g5r6-gv6m-f5jv was published for mcp-atlassian (pip) Jul 10, 2026
rainfantry Credited to rainfantry
mcp-atlassian: Arbitrary server-side file read via attachment upload High
GHSA-wm45-qh3g-v83f was published for mcp-atlassian (pip) Jul 10, 2026
0xmagic0 Credited to 0xmagic0
BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py High
CVE-2026-54071 was published for BabelDOC (pip) Jul 10, 2026
EQSTLab Credited to EQSTLab and awwaawwa awwaawwa awwaawwa
0xmrma Credited to 0xmrma
MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826) Moderate
GHSA-489g-7rxv-6c8q was published for mcp-atlassian (pip) Jul 10, 2026
daniel-mertz Credited to daniel-mertz
Mistune: Potential DoS via quadratic-time parsing in parse_link_text High
CVE-2026-49851 was published for mistune (pip) Jul 9, 2026
bhanugoudm041 Credited to bhanugoudm041
psd-tools vulnerable to arbitrary file write via smart-object filename Moderate
CVE-2026-49836 was published for psd-tools (pip) Jul 9, 2026
seankohjs Credited to seankohjs and yueyueL yueyueL yueyueL
Rattler vulnerable to package cache path traversal via conda package build string Moderate
CVE-2026-53956 was published for py_rattler (pip) Jul 9, 2026
pypdf: Possible infinite loop when processing threads/articles in writer Moderate
CVE-2026-54651 was published for pypdf (pip) Jul 9, 2026
k0w4lzk1 Credited to k0w4lzk1 and stefan6419846 stefan6419846 stefan6419846
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small Moderate
CVE-2026-53720 was published for pymonocypher (pip) Jul 9, 2026
hextheshadow Credited to hextheshadow
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser High
CVE-2026-49477 was published for soupsieve (pip) Jul 9, 2026
mauriceng98 Credited to mauriceng98
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists High
CVE-2026-49476 was published for soupsieve (pip) Jul 9, 2026
mauriceng98 Credited to mauriceng98
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths High
GHSA-52vm-mxx8-f227 was published for phantom-audio (pip) Jul 9, 2026
leesaenz Credited to leesaenz
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager Moderate
CVE-2026-48987 was published for pyload-ng (pip) Jul 9, 2026
pevinkumar10 Credited to pevinkumar10
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs Moderate
CVE-2026-48737 was published for pyload-ng (pip) Jul 9, 2026
tonghuaroot Credited to tonghuaroot
Goh3st Credited to Goh3st
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler Moderate
GHSA-mxwc-wh95-pw4g was published for trapster (pip) Jul 8, 2026
tonghuaroot Credited to tonghuaroot
ProTip! Advisories are also available from the GraphQL API