GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,516 advisories

CodeChecker open redirect when URL contains multiple slashes after the product name
  Severity: Moderate | CVE-2025-1300 | codechecker (pip) | published Mar 3, 2025 | credited: Discookie

PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
  Severity: Moderate | CVE-2025-1889 | picklescan (pip) | published Mar 3, 2025 | credited: madgetr

Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
  Severity: Moderate | CVE-2025-1716 | picklescan (pip) | published Mar 3, 2025 | credited: madgetr

Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
  Severity: Moderate | GHSA-hw34-rqc5-h2gm | picklescan (pip) | published Mar 3, 2025 | withdrawn

Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
  Severity: Moderate | CVE-2025-27516 | Jinja2 (pip) | published Mar 5, 2025 | credited: securingapps

ray vulnerable to Insertion of Sensitive Information into Log File
  Severity: Moderate | CVE-2025-1979 | ray (pip) | published Mar 6, 2025

Django vulnerable to Allocation of Resources Without Limits or Throttling
  Severity: Moderate | CVE-2025-26699 | Django (pip) | published Mar 6, 2025

Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch
  Severity: Moderate | GHSA-w6mr-mj53-x258 | picklescan (pip) | published Mar 10, 2025 | withdrawn

Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
  Severity: Moderate | GHSA-2fh4-gpch-vqv4 | picklescan (pip) | published Mar 10, 2025 | withdrawn

Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
  Severity: Moderate | CVE-2025-1945 | picklescan (pip) | published Mar 10, 2025 | credited: madgetr, axsonatype

Zip Exploit Crashes Picklescan But Not PyTorch
  Severity: Moderate | CVE-2025-1944 | picklescan (pip) | published Mar 10, 2025 | credited: madgetr, axsonatype

Azure PromptFlow remote code execution related to Jinja templates
  Severity: Moderate | CVE-2025-24986 | promptflow-core (pip) | published Mar 11, 2025

Rembg allows SSRF via /api/remove
  Severity: Moderate | CVE-2025-25301 | rembg (pip) | published Mar 11, 2025

XPixelGroup BasicSR Command Injection
  Severity: Moderate | CVE-2024-27763 | basicsr (pip) | published Mar 12, 2025 | credited: aydinnyunus

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
  Severity: Moderate | CVE-2025-29780 | PostQuantum-Feldman-VSS (pip) | published Mar 14, 2025 | credited: DavidOsipov

Apache Airflow MySQL Provider is Vulnerable to SQL Injection
  Severity: Moderate | CVE-2025-27018 | apache-airflow-providers-mysql (pip) | published Mar 19, 2025

vLLM denial of service via outlines unbounded cache on disk
  Severity: Moderate | CVE-2025-29770 | vllm (pip) | published Mar 19, 2025 | credited: russellb

langchain-core allows unauthorized users to read arbitrary files from the host file system
  Severity: Moderate | CVE-2024-10940 | langchain-core (pip) | published Mar 20, 2025 | credited: zly123987

FastChat open redirect vulnerability
  Severity: Moderate | CVE-2024-10908 | fschat (pip) | published Mar 20, 2025

Gradio Path Traversal vulnerability
  Severity: Moderate | CVE-2024-12217 | gradio (pip) | published Mar 20, 2025

BentoML Open Redirect vulnerability
  Severity: Moderate | GHSA-564p-rx2q-4c8v | bentoml (pip) | published Mar 20, 2025

Transformers Regular Expression Denial of Service (ReDoS) vulnerability
  Severity: Moderate | CVE-2024-12720 | transformers (pip) | published Mar 20, 2025

Aim vulnerable to Synchronous Access of Remote Resource without Timeout
  Severity: Moderate | CVE-2024-12777 | aim (pip) | published Mar 20, 2025

Aim Relative Path Traversal vulnerability
  Severity: Moderate | CVE-2024-6483 | aim (pip) | published Mar 20, 2025