GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
29,426 advisories
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical
CVE-2026-4370
was published
for
github.com/juju/juju
(Go)
Apr 2, 2026
PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Critical
CVE-2026-34953
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI Has Missing Authentication in WebSocket Gateway
Critical
CVE-2026-34952
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Critical
CVE-2026-34934
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Critical
CVE-2026-34935
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Critical
CVE-2026-34938
was published
for
praisonaiagents
(pip)
Apr 1, 2026
CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
Critical
CVE-2026-34571
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34569
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34568
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34567
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34566
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34565
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34564
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS
Critical
CVE-2026-34563
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34560
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical
CVE-2026-34559
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API