Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,231
Maven
5,000+
npm
3,897
NuGet
701
pip
3,664
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,664 advisories

Loading
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
TigerVNC accessible via the network and not just via a UNIX socket as intended Critical
CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) Apr 12, 2025
frejanordsiek consideRatio
minrk
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory Moderate
CVE-2025-32381 was published for xgrammar (pip) Apr 9, 2025
russellb Ubospica
DarkSharpness
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization Critical
CVE-2025-32375 was published for bentoml (pip) Apr 9, 2025
SeaW1nd
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
GHSA-93mv-x874-956g was published for picklescan (pip) Apr 7, 2025
david3107
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
CVE-2025-3248 was published for langflow (pip) Apr 7, 2025
Apache Airflow Common SQL Provider Vulnerable to SQL Injection High
CVE-2025-30473 was published for apache-airflow-providers-common-sql (pip) Apr 7, 2025
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization Critical
CVE-2025-27520 was published for bentoml (pip) Apr 4, 2025
c2an1
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" High
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
dlqqq rpwagner
krassowski
LMDeploy Improper Input Validation Vulnerability Moderate
CVE-2025-3162 was published for lmdeploy (pip) Apr 3, 2025
pgAdmin 4 Vulnerable to Remote Code Execution Critical
CVE-2025-2945 was published for pgadmin4 (pip) Apr 3, 2025
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering Critical
CVE-2025-2946 was published for pgadmin4 (pip) Apr 3, 2025
Django Potential Denial of Service (DoS) on Windows Moderate
CVE-2025-27556 was published for Django (pip) Apr 2, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
PyTorch susceptible to local Denial of Service Low
CVE-2025-2953 was published for torch (pip) Mar 30, 2025
Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks High
CVE-2025-30358 was published for mesop (pip) Mar 27, 2025
jackfromeast superboy-zjc
Synapse vulnerable to federation denial of service via malformed events High
CVE-2025-30355 was published for matrix-synapse (pip) Mar 27, 2025
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30217 was published for frappe (pip) Mar 26, 2025
cydave
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database