Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,943 advisories

Loading
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate Moderate
GHSA-4p4h-9gvq-7xfg was published for picklescan (pip) Apr 24, 2025 withdrawn
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
CVE-2025-46417 was published for picklescan (pip) Apr 7, 2025
david3107
h11 accepts some malformed Chunked-Encoding bodies Critical
CVE-2025-43859 was published for h11 (pip) Apr 24, 2025
JeppW
blosc2 heap-based buffer overflow High
CVE-2020-29367 was published for blosc2 (pip) May 24, 2022
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption Low
CVE-2025-46656 was published for markdownify (pip) Apr 27, 2025
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Keylime: unhandled exceptions could lead to invalid attestation states High
CVE-2022-3500 was published for Keylime (pip) Oct 28, 2022
galmasi
LIEF heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind High
CVE-2022-43171 was published for lief (pip) Nov 18, 2022
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints Critical
CVE-2024-9053 was published for vllm (pip) Mar 20, 2025
phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh d3do-23
lonelyuan russellb DarkLight1337 Isotr0py
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method Moderate
CVE-2025-27516 was published for Jinja2 (pip) Mar 5, 2025
securingapps
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n wnowicki
diplib Double Free Moderate
CVE-2021-39432 was published for diplib (pip) Nov 4, 2022
Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
Duplicate Advisory: `allowed_domains` can be bypassed by putting a decoy domain in http auth username portion of a URL Critical
GHSA-f54f-hr32-586f was published for browser-use (pip) May 3, 2025 withdrawn
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL Critical
CVE-2025-47241 was published for browser-use (pip) May 5, 2025
mmudryi markiyanch
Data exposure via ZeroMQ on multi-node vLLM deployment High
CVE-2025-30202 was published for vllm (pip) Apr 29, 2025
russellb kexinoh
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload Moderate
CVE-2025-46335 was published for mobsf (pip) May 5, 2025
ssshah2131
Langroid Allows XXE Injection via XMLToolMessage High
CVE-2025-46726 was published for langroid (pip) May 5, 2025
SCH227
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack Moderate
CVE-2025-46730 was published for mobsf (pip) May 5, 2025
ssshah2131
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-29573 was published for Mezzanine (pip) May 5, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration High
CVE-2025-30165 was published for vllm (pip) May 6, 2025
avioligo russellb
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass Critical
CVE-2025-24370 was published for django-unicorn (pip) Feb 3, 2025
superboy-zjc jackfromeast
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database