GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
17 advisories
pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
Moderate
CVE-2026-40594
was published
for
pyload-ng
(pip)
Apr 16, 2026
Improper Authentication and Origin Validation Error in pyload-ng
Moderate
CVE-2026-33314
was published
for
pyload-ng
(pip)
Mar 19, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Moderate
CVE-2026-32632
was published
for
Glances
(pip)
Mar 16, 2026
Langflow CORS misconfiguration enables Account Takeover and RCE
Critical
CVE-2025-34291
was published
for
langflow
(pip)
Dec 6, 2025
Neo4j Cypher MCP server is vulnerable to DNS rebinding
High
CVE-2025-10193
was published
for
mcp-neo4j-cypher
(pip)
Sep 11, 2025
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration
High
CVE-2024-8183
was published
for
prefect
(pip)
Mar 20, 2025
Flask-CORS allows for inconsistent CORS matching
Moderate
CVE-2024-6844
was published
for
flask-cors
(pip)
Mar 20, 2025
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API