Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,731
Erlang
35
GitHub Actions
29
Go
2,308
Maven
5,000+
npm
3,949
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,727 advisories

Loading
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
Tornado vulnerable to excessive logging caused by malformed multipart form data High
CVE-2025-47287 was published for tornado (pip) May 16, 2025
Startr4ck awsactran
vLLM allows clients to crash the openai server with invalid regex Moderate
GHSA-9hcf-v7m4-6m2j was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
GHSA-vrq3-r879-7m65 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
vLLM vulnerable to Regular Expression Denial of Service Moderate
GHSA-j828-28rj-hfhp was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
GHSA-w6q7-j642-7c25 was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
GHSA-6qc9-v4r8-22xg was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh DarkLight1337
russellb
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan JarLob
Grub4K dirkf rhdesmond
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection Critical
CVE-2024-11958 was published for llama-index-retrievers-duckdb-retriever (pip) Mar 20, 2025
LLama-Index CLI OS command injection vulnerability High
CVE-2025-1753 was published for llama-index-cli (pip) May 28, 2025
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write High
CVE-2025-47273 was published for setuptools (pip) May 19, 2025
SCH227
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin High
CVE-2025-5279 was published for redshift-connector (pip) May 28, 2025
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
docarray prototype pollution Moderate
CVE-2025-5150 was published for docarray (pip) May 25, 2025
pypickle Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-5175 was published for pypickle (pip) May 26, 2025
PrinceRaj-0
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
rdiffweb's unlimited length email field can lead to DoS High
CVE-2022-3272 was published for rdiffweb (pip) Sep 27, 2022
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
th3anatomist
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database