GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,967 advisories
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
Moderate
CVE-2026-42032
was published
for
ckan
(pip)
Apr 30, 2026
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Moderate
CVE-2026-41654
was published
for
weblate
(pip)
Apr 30, 2026
Weblate Doesn't Invalidate API Token on Password Change
Moderate
CVE-2026-41519
was published
for
weblate
(pip)
Apr 30, 2026
CKAN has CSRF exemption primed by anonymous requests
Moderate
CVE-2026-41255
was published
for
ckan
(pip)
Apr 29, 2026
CKAN has no certificate validation on STMP connection
Moderate
CVE-2026-41132
was published
for
ckan
(pip)
Apr 29, 2026
beets has a Cross-site Scripting vulnerability
Moderate
CVE-2026-42052
was published
for
beets
(pip)
Apr 29, 2026
wlc: print_html outputs API data without HTML escaping
Moderate
GHSA-gx2m-mcc2-r4p3
was published
for
wlc
(pip)
Apr 24, 2026
justhtml has sanitization bypass in custom policies and programmatic DOM
Moderate
GHSA-vrx2-77f2-ww34
was published
for
justhtml
(pip)
Apr 22, 2026
nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
Moderate
CVE-2026-39378
was published
for
nbconvert
(pip)
Apr 21, 2026
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Moderate
CVE-2026-39377
was published
for
nbconvert
(pip)
Apr 21, 2026
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Moderate
CVE-2026-35588
was published
for
glances
(pip)
Apr 21, 2026
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Moderate
CVE-2026-28684
was published
for
python-dotenv
(pip)
Apr 21, 2026
pretalx mail templates vulnerable to email injection via unescaped user-controlled placeholders
Moderate
CVE-2026-41426
was published
for
pretalx
(pip)
Apr 18, 2026
ProTip!
Advisories are also available from the
GraphQL API