Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,973
NuGet
715
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,769 advisories

Loading
MLflow Path Traversal vulnerability Critical
CVE-2023-3765 was published for mlflow (pip) Jul 19, 2023
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions High
CVE-2023-42261 was published for mobsf (pip) Sep 22, 2023 withdrawn
Unrestricted file upload in kiwi TCMS High
CVE-2023-30613 was published for kiwitcms (pip) Apr 24, 2023
mosaa404
OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image Moderate
CVE-2013-2096 was published for nova (pip) May 17, 2022
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend High
CVE-2014-2237 was published for keystone (pip) May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability Moderate
CVE-2012-6130 was published for roundup (pip) May 17, 2022
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting Moderate
CVE-2014-0157 was published for horizon (pip) May 14, 2022
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests Moderate
CVE-2014-0167 was published for nova (pip) May 17, 2022
Pillow Temporary file name leakage Moderate
CVE-2014-1933 was published for Pillow (pip) May 18, 2020
OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism Critical
CVE-2015-8914 was published for neutron (pip) May 14, 2022
OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism High
CVE-2016-5362 was published for neutron (pip) May 14, 2022
python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
TigerVNC accessible via the network and not just via a UNIX socket as intended Critical
CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) Apr 12, 2025
frejanordsiek consideRatio
minrk
Python Charmers Future denial of service vulnerability High
CVE-2022-40899 was published for future (pip) Dec 23, 2022
GoetzGoerisch
BentoML Open Redirect vulnerability Moderate
GHSA-564p-rx2q-4c8v was published for bentoml (pip) Mar 20, 2025
BentoML vulnerable to Uncontrolled Resource Consumption High
GHSA-hh3j-9m59-p8vc was published for bentoml (pip) Mar 20, 2025
Open WebUI has vulnerable dependency on starlette via fastapi High
GHSA-w466-2wfc-8g58 was published for open-webui (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file High
GHSA-6wj5-5pgr-jwq8 was published for open-webui (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
Duplicate Advisory: D-Tale Command Injection vulnerability Critical
CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 withdrawn
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query High
CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database