GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,653
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,860
Pub: 13
RubyGems: 1,050
Rust: 1,304
Swift: 53

Unreviewed advisories:
All unreviewed: 5,000+
1,972 advisories
ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key
  Moderate | GHSA-8pqq-224h-x875 | ogham-mcp (pip) | published May 5, 2026

pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
  Moderate | CVE-2026-42312 | pyload-ng (pip) | published May 4, 2026

wlc: print_html outputs API data without HTML escaping
  Moderate | CVE-2026-42150 | wlc (pip) | published Apr 24, 2026

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
  Moderate | CVE-2026-42310 | pillow (pip) | published May 4, 2026

Pillow has an integer overflow when processing fonts
  Moderate | CVE-2026-42308 | pillow (pip) | published May 4, 2026

Pillow has a heap buffer overflow with nested list coordinates
  Moderate | CVE-2026-42309 | pillow (pip) | published May 4, 2026

AgentScope Vulnerable to Remote Code Injection
  Moderate | CVE-2026-6603 | agentscope (pip) | published Apr 20, 2026

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
  Moderate | CVE-2026-42032 | ckan (pip) | published Apr 30, 2026

Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
  Moderate | CVE-2026-41654 | weblate (pip) | published Apr 30, 2026

Weblate Doesn't Invalidate API Token on Password Change
  Moderate | CVE-2026-41519 | weblate (pip) | published Apr 30, 2026

CKAN has CSRF exemption primed by anonymous requests
  Moderate | CVE-2026-41255 | ckan (pip) | published Apr 29, 2026
CKAN has no certificate validation on SMTP connection
  Moderate | CVE-2026-41132 | ckan (pip) | published Apr 29, 2026
beets has a Cross-site Scripting vulnerability
  Moderate | CVE-2026-42052 | beets (pip) | published Apr 29, 2026

AgentScope vulnerable to Server-Side Request Forgery
  Moderate | CVE-2026-6606 | agentscope (pip) | published Apr 20, 2026

AgentScope vulnerable to Server-Side Request Forgery
  Moderate | CVE-2026-6605 | agentscope (pip) | published Apr 20, 2026

AgentScope vulnerable to Server-Side Request Forgery
  Moderate | CVE-2026-6604 | agentscope (pip) | published Apr 20, 2026

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
  Moderate | CVE-2026-33866 | mlflow (pip) | published Apr 7, 2026

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass
  Moderate | CVE-2026-41481 | langchain-text-splitters (pip) | published Apr 16, 2026

JupyterHub has an Open Redirect Vulnerability
  Moderate | CVE-2026-33709 | jupyterhub (pip) | published Apr 3, 2026

pretalx mail templates vulnerable to email injection via unescaped user-controlled placeholders
  Moderate | CVE-2026-41426 | pretalx (pip) | published Apr 18, 2026

Authlib: Cross-site request forging when using cache
  Moderate | CVE-2026-41425 | authlib (pip) | published Apr 16, 2026

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
  Moderate | CVE-2025-68463 | biopython (pip) | published Dec 18, 2025

Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates
  Moderate | CVE-2026-40602 | homeassistant-cli (pip) | published Apr 16, 2026

pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
  Moderate | CVE-2026-40594 | pyload-ng (pip) | published Apr 16, 2026

mitmproxy has an LDAP Injection
  Moderate | CVE-2026-40606 | mitmproxy (pip) | published Apr 14, 2026
Advisories are also available from the GraphQL API.