GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy via unrestricted `proxy.*` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
High
CVE-2026-42313
was published
for
pyload-ng
(pip)
May 4, 2026
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
High
CVE-2026-27124
was published
for
fastmcp
(pip)
Mar 31, 2026
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
Mitmweb API Authentication Bypass Using Proxy Server
High
CVE-2025-23217
was published
for
mitmproxy
(pip)
Feb 6, 2025
ProTip!
Advisories are also available from the
GraphQL API