GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
High
CVE-2026-25119
was published
for
gogs.io/gogs
(Go)
Jun 22, 2026
Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
High
CVE-2026-45401
was published
for
open-webui
(pip)
May 14, 2026
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
High
CVE-2026-45398
was published
for
open-webui
(pip)
May 14, 2026
Flowise: Cypher Injection in GraphCypherQAChain
High
CVE-2026-41274
was published
for
flowise
(npm)
Apr 16, 2026
Flowise: Path Traversal in Vector Store basePath
Moderate
GHSA-w6v6-49gh-mc9w
was published
for
flowise
(npm)
Apr 16, 2026
Flowise Missing Authentication on NVIDIA NIM Endpoints
High
CVE-2026-30824
was published
for
flowise
(npm)
Mar 6, 2026
Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
Moderate
GHSA-jc5m-wrp2-qq38
was published
for
flowise
(npm)
Mar 5, 2026
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Critical
CVE-2026-27944
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 5, 2026
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Low
CVE-2026-27167
was published
for
gradio
(pip)
Mar 1, 2026
Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Moderate
CVE-2026-25120
was published
for
gogs.io/gogs
(Go)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API