GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,516 advisories

Aim vulnerable to Synchronous Access of Remote Resource without Timeout Moderate
CVE-2024-12777 was published for aim (pip) Mar 20, 2025
Aim Relative Path Traversal vulnerability Moderate
CVE-2024-6483 was published for aim (pip) Mar 20, 2025
Gradio Vulnerable to Open Redirect Moderate
CVE-2024-8021 was published for gradio (pip) Mar 20, 2025
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility Moderate
CVE-2024-6577 was published for torchserve (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-7035 was published for open-webui (pip) Mar 20, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions Moderate
CVE-2025-0508 was published for sagemaker (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-6838 was published for mlflow (pip) Mar 20, 2025
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Frappe has Possibility of Remote Code Execution due to improper validation Moderate
CVE-2025-30213 was published for frappe (pip) Mar 25, 2025
yeuchimse
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30212 was published for frappe (pip) Mar 25, 2025
yeuchimse
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30217 was published for frappe (pip) Mar 26, 2025
cydave
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Trac Open Redirect vulnerability Moderate
CVE-2008-2951 was published for trac (pip) May 1, 2022
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018