GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,516 advisories

AgentScope stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-8556 was published for agentscope (pip) Mar 20, 2025
Aim Improper Access Control Moderate
CVE-2024-8238 was published for aim (pip) Mar 20, 2025
Gradio Vulnerable to Open Redirect Moderate
CVE-2024-8021 was published for gradio (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-7035 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Viewing of Admin Details Moderate
CVE-2024-7046 was published for open-webui (pip) Mar 20, 2025
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read Moderate
CVE-2024-7045 was published for open-webui (pip) Mar 20, 2025
Flask-CORS improper regex path matching vulnerability Moderate
CVE-2024-6839 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Flask-CORS allows for inconsistent CORS matching Moderate
CVE-2024-6844 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
adrianosela
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-6838 was published for mlflow (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload Moderate
CVE-2024-7044 was published for open-webui (pip) Mar 20, 2025
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility Moderate
CVE-2024-6577 was published for torchserve (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint Moderate
CVE-2024-7034 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint Moderate
CVE-2024-7033 was published for open-webui (pip) Mar 20, 2025
Aim Relative Path Traversal vulnerability Moderate
CVE-2024-6483 was published for aim (pip) Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
BentoML Open Redirect vulnerability Moderate
GHSA-564p-rx2q-4c8v was published for bentoml (pip) Mar 20, 2025
Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2024-12720 was published for transformers (pip) Mar 20, 2025
Aim vulnerable to Synchronous Access of Remote Resource without Timeout Moderate
CVE-2024-12777 was published for aim (pip) Mar 20, 2025
Gradio Path Traversal vulnerability Moderate
CVE-2024-12217 was published for gradio (pip) Mar 20, 2025
langchain-core allows unauthorized users to read arbitrary files from the host file system Moderate
CVE-2024-10940 was published for langchain-core (pip) Mar 20, 2025
zly123987
FastChat open redirect vulnerability Moderate
CVE-2024-10908 was published for fschat (pip) Mar 20, 2025
vLLM denial of service via outlines unbounded cache on disk Moderate
CVE-2025-29770 was published for vllm (pip) Mar 19, 2025
russellb
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025