Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak Critical
CVE-2026-55450 was published for langflow (pip) Jun 17, 2026
vbCrLf Credited to vbCrLf, Jkavia, erichare, AntonioABLima, andifilhohub, and Adam-Aghili Jkavia Jkavia
erichare erichare AntonioABLima AntonioABLima andifilhohub andifilhohub Adam-Aghili Adam-Aghili
Langflow: Unauthenticated RCE in Shareable Playgrounds Critical
CVE-2026-48519 was published for langflow (pip) Jun 16, 2026
vbCrLf Credited to vbCrLf, Jkavia, andifilhohub, and AntonioABLima Jkavia Jkavia
andifilhohub andifilhohub AntonioABLima AntonioABLima
Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints High
CVE-2026-33760 was published for langflow (pip) Jun 16, 2026
akshatgit Credited to akshatgit, AntonioABLima, andifilhohub, ethansilvas, and Jkavia AntonioABLima AntonioABLima
andifilhohub andifilhohub ethansilvas ethansilvas Jkavia Jkavia
Langflow has an Arbitrary File Write (RCE) via v2 API Critical
CVE-2026-33309 was published for langflow (pip) Mar 19, 2026
akshatgit Credited to akshatgit, abhinavagarwal07, Jkavia, and andifilhohub abhinavagarwal07 abhinavagarwal07
Jkavia Jkavia andifilhohub andifilhohub
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint Critical
CVE-2026-33017 was published for langflow (pip) Mar 17, 2026
Aviral2642 Credited to Aviral2642, andifilhohub, Jkavia, and srmish-jfrog andifilhohub andifilhohub
Jkavia Jkavia srmish-jfrog srmish-jfrog
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database