GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,943 advisories
OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism
Critical • CVE-2015-8914 was published for neutron (pip) • May 14, 2022

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism
High • CVE-2016-5362 was published for neutron (pip) • May 14, 2022

python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters
High • CVE-2013-7323 was published for python-gnupg (pip) • Nov 6, 2018

TigerVNC accessible via the network and not just via a UNIX socket as intended
Critical • CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) • Apr 12, 2025

Python Charmers Future denial of service vulnerability
High • CVE-2022-40899 was published for future (pip) • Dec 23, 2022

BentoML Open Redirect vulnerability
Moderate • GHSA-564p-rx2q-4c8v was published for bentoml (pip) • Mar 20, 2025

BentoML vulnerable to Uncontrolled Resource Consumption
High • GHSA-hh3j-9m59-p8vc was published for bentoml (pip) • Mar 20, 2025

Open WebUI has vulnerable dependency on starlette via fastapi
High • GHSA-w466-2wfc-8g58 was published for open-webui (pip) • Mar 20, 2025

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
High • GHSA-6wj5-5pgr-jwq8 was published for open-webui (pip) • Mar 20, 2025

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
High • GHSA-5ccf-884p-4jjq was published for open-webui (npm) • Mar 20, 2025

vLLM vulnerable to Denial of Service by abusing xgrammar cache
Moderate • GHSA-hf3c-wxg2-49q9 was published for vllm (pip) • Apr 15, 2025

VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Low • CVE-2025-32021 was published for weblate (pip) • Apr 15, 2025

Duplicate Advisory: D-Tale Command Injection vulnerability
Critical • CVE-2025-0655 was published for dtale (pip) • Mar 20, 2025 • withdrawn

Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
High • CVE-2024-53305 was published for whoogle-search (pip) • Apr 16, 2025

Web2py Reflected XSS vulnerability
Moderate • CVE-2016-4807 was published for web2py (pip) • May 17, 2022

Pycel allows code injection via a crafted formula
High • CVE-2024-53924 was published for pycel (pip) • Apr 17, 2025

CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
Critical • GHSA-ggpf-24jw-3fcw was published for vllm (pip) • Apr 23, 2025

Rasa Pro Missing Authentication For Voice Connector APIs
Moderate • CVE-2025-32377 was published for rasa-pro (pip) • Apr 17, 2025

BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Critical • CVE-2025-32375 was published for bentoml (pip) • Apr 9, 2025

InternLM LMDeploy code injection vulnerability
Moderate • CVE-2025-3163 was published for lmdeploy (pip) • Apr 3, 2025

LMDeploy Improper Input Validation Vulnerability
Moderate • CVE-2025-3162 was published for lmdeploy (pip) • Apr 3, 2025

Vyper Does Not Check the Success of Certain Precompile Calls
Low • CVE-2025-21607 was published for vyper (pip) • Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API.