Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,873
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,491 advisories

Loading
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Copier's safe template has arbitrary filesystem read/write access High
CVE-2025-55201 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py High
CVE-2025-50817 was published for future (pip) Aug 14, 2025
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass High
GHSA-9gvj-pp9x-gcfr was published for picklescan (pip) Aug 12, 2025
Lyutoon
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter High
CVE-2025-55156 was published for pyload-ng (pip) Aug 12, 2025
cyjhhh
Duplicate Advisory: Keras safe mode bypass vulnerability High
GHSA-pwq7-2gvj-vg9v was published for keras (pip) Aug 11, 2025 withdrawn
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size High
CVE-2025-48071 was published for OpenEXR (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
Bugsink path traversal via event_id in ingestion High
CVE-2025-54433 was published for bugsink (pip) Jul 29, 2025
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time High
CVE-2025-54413 was published for skops (pip) Jul 25, 2025
io-no
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution High
CVE-2025-54412 was published for skops (pip) Jul 25, 2025
io-no
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
opsysdebug
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (pip) Jul 11, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
LlamaIndex vulnerable to Path Traversal attack through its encode_image function High
CVE-2025-6209 was published for llama-index-core (pip) Jul 7, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function High
CVE-2025-6386 was published for lollms (pip) Jul 7, 2025
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class High
CVE-2025-3046 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database