GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
31,212 advisories
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
High
CVE-2026-47412
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47415
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
High
CVE-2026-47417
was published
for
praisonai-platform
(pip)
Jun 1, 2026
praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
High
CVE-2026-47418
was published
for
praisonai-platform
(pip)
Jun 1, 2026
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Moderate
CVE-2026-47425
was published
for
rattler
(Rust)
Jun 1, 2026
Vitest browser mode serves unsanitized otelCarrier query parameter as inline script
Critical
CVE-2026-47428
was published
for
@vitest/browser
(npm)
Jun 1, 2026
When Vitest UI server is listening, arbitrary file can be read and executed
Critical
CVE-2026-47429
was published
for
vitest
(npm)
Jun 1, 2026
DOMPurify XSS via selectedcontent re-clone
High
CVE-2026-47423
was published
for
dompurify
(npm)
Jun 1, 2026
Nezha's authenticated agents can forge service-monitor results for other users' services
High
CVE-2026-48119
was published
for
github.com/nezhahq/nezha
(Go)
Jun 1, 2026
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Critical
CVE-2026-47416
was published
for
praisonai-platform
(pip)
May 29, 2026
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
High
CVE-2026-47414
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
High
CVE-2026-47405
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
High
CVE-2026-47399
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
Critical
CVE-2026-47407
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
High
CVE-2026-48169
was published
for
praisonai-platform
(pip)
May 29, 2026
PraisonAI has an Arbitrary File Write in Python API
High
CVE-2026-47397
was published
for
PraisonAI
(pip)
May 29, 2026
PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Critical
CVE-2026-47391
was published
for
PraisonAI
(pip)
May 29, 2026
ProTip!
Advisories are also available from the
GraphQL API