GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Moderate
CVE-2026-54021
was published
for
open-webui
(pip)
Jun 17, 2026
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Moderate
CVE-2026-54235
was published
for
vllm
(pip)
Jun 17, 2026
Docling Core: Unsafe remote filename resolution
High
CVE-2026-44023
was published
for
docling-core
(pip)
Jun 3, 2026
Docling Core: Insufficient validation of image reference URIs
High
CVE-2026-44019
was published
for
docling-core
(pip)
Jun 3, 2026
Docling: Unsafe URI and Path Handling in HTML Backend
High
CVE-2026-47214
was published
for
docling
(pip)
Jun 3, 2026
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Moderate
CVE-2026-44022
was published
for
docling
(pip)
Jun 3, 2026
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Moderate
CVE-2026-44018
was published
for
docling
(pip)
Jun 3, 2026
Docling: Unsafe Playwright-based HTML Rendering
High
CVE-2026-44016
was published
for
docling
(pip)
Jun 3, 2026
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
Critical
CVE-2026-41586
was published
for
org.hyperledger.fabric-sdk-java:fabric-sdk-java
(Maven)
Apr 29, 2026
ProTip!
Advisories are also available from the
GraphQL API