GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,943 advisories

Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt's worker process vulnerable to denial of service through file read operation Moderate
CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
protobuf-python has a potential Denial of Service issue High
CVE-2025-4565 was published for protobuf (pip) Jun 16, 2025
pycares has a Use-After-Free Vulnerability Moderate
GHSA-5qpg-rh4j-qp35 was published for pycares (pip) Jun 16, 2025
vEpiphyte
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
nijel obscuredeer
amCap1712
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
Gradio allows credential leakage on Windows High
CVE-2024-34510 was published for gradio (pip) May 5, 2024
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation Moderate
CVE-2025-50181 was published for urllib3 (pip) Jun 18, 2025
sandumjacob illia-v
pquentin sethmlarson
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
sugar700 levpachmanov
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function Low
CVE-2025-6518 was published for pyspur (pip) Jun 23, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter High
CVE-2024-54000 was published for mobsf (pip) Jun 27, 2025
bulutenes aydinnyunus
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
CVE-2025-48942 was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
vLLM allows clients to crash the openai server with invalid regex Moderate
CVE-2025-48943 was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator Critical
CVE-2025-50213 was published for apache-airflow-providers-snowflake (pip) Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API