Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,516 advisories

Loading
Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-1194 was published for transformers (pip) Apr 29, 2025
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate Moderate
GHSA-4p4h-9gvq-7xfg was published for picklescan (pip) Apr 24, 2025 withdrawn
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
CVE-2025-46567 was published for llamafactory (pip) Apr 23, 2025
Anchor0221 xhjy2020
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory Moderate
CVE-2025-32381 was published for xgrammar (pip) Apr 9, 2025
russellb Ubospica
DarkSharpness
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
LMDeploy Improper Input Validation Vulnerability Moderate
CVE-2025-3162 was published for lmdeploy (pip) Apr 3, 2025
Django Potential Denial of Service (DoS) on Windows Moderate
CVE-2025-27556 was published for Django (pip) Apr 2, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30217 was published for frappe (pip) Mar 26, 2025
cydave
Frappe has Possibility of Remote Code Execution due to improper validation Moderate
CVE-2025-30213 was published for frappe (pip) Mar 25, 2025
yeuchimse
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30212 was published for frappe (pip) Mar 25, 2025
yeuchimse
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions Moderate
CVE-2025-0508 was published for sagemaker (pip) Mar 20, 2025
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL Moderate
CVE-2024-8955 was published for composio-core (pip) Mar 20, 2025
composio Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-8952 was published for composio-core (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database