GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,943 advisories

SignXML's signature verification with HMAC is vulnerable to a timing attack Moderate
CVE-2025-48995 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack Moderate
CVE-2025-48994 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven cgurnik
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson jupenur nateprewitt sigmavirus24
Pytorch use-after-free vulnerability High
CVE-2024-31583 was published for torch (pip) Apr 17, 2024
levpachmanov
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint Moderate
CVE-2025-48879 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating Moderate
CVE-2025-49142 was published for nautobot (pip) Jun 10, 2025
mzbroch
Nautobot may allows uploaded media files to be accessible without authentication Moderate
CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
PyTorch heap buffer overflow vulnerability High
CVE-2024-31580 was published for torch (pip) Apr 17, 2024
levpachmanov
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2025-49653 was published for backend.ai (pip) Jun 9, 2025
pretix mishandles file validation Moderate
CVE-2024-27447 was published for pretix (pip) Feb 26, 2024
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025