Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,620 advisories

Loading
Hugging Face Transformers library has Regular Expression Denial of Service Moderate
CVE-2025-6051 was published for transformers (pip) Sep 14, 2025
django CMS Cross-Site Scripting (XSS) Moderate
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer Moderate
CVE-2025-6638 was published for transformers (pip) Sep 12, 2025
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods Moderate
CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet eastandwestwind
erosselli
MLFlow SSRF via gateway_proxy_handler Moderate
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025
steffenkyhn-git
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
xgrammar vulnerable to denial of service by huge enum grammar Moderate
CVE-2025-58446 was published for xgrammar (pip) Sep 5, 2025
xendo
Infrahub: Deleted and expired API tokens can still authenticate Moderate
CVE-2025-59036 was published for infrahub-server (pip) Sep 10, 2025
fatih-acar
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
ThiefMaster
Indico may disclose unauthorized user details access via legacy API Moderate
CVE-2025-59034 was published for indico (pip) Sep 10, 2025
inkz
copyparty vulnerable to reflected cross-site scripting via k304 parameter Moderate
CVE-2023-38501 was published for copyparty (pip) Jul 25, 2023
TheHackyDog
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction Moderate
CVE-2025-58162 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Local Deep Research's API keys are stored in plain text Moderate
CVE-2025-57806 was published for local-deep-research (pip) Sep 2, 2025
i-d-lytvynenko
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
ferdlestier szuliq
Eventlet affected by HTTP request smuggling in unparsed trailers Moderate
CVE-2025-58068 was published for eventlet (pip) Aug 29, 2025
sebastianosrt
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start Moderate
GHSA-q77w-mwjj-7mqx was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python cProfile.run Moderate
GHSA-49gj-c84q-6qm9 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python cProfile.runctx Moderate
GHSA-9w88-8rmg-7g2p was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python doctest.debug_script Moderate
GHSA-fqq6-7vqf-w3fg was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode Moderate
GHSA-3gf5-cxq9-w223 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand Moderate
GHSA-j343-8v2j-ff7w was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode Moderate
GHSA-m869-42cg-3xwr was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label Moderate
GHSA-p9w7-82w4-7q8m was published for picklescan (pip) Aug 26, 2025
FredericDT
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database