Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,943 advisories

Loading
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser High
CVE-2025-3225 was published for llama-index-readers-papers (pip) Jul 7, 2025
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions Moderate
CVE-2025-3044 was published for llama-index-readers-papers (pip) Jul 7, 2025
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking Moderate
CVE-2025-3263 was published for transformers (pip) Jul 7, 2025
Transformers vulnerable to ReDoS attack through its get_imports() function Moderate
CVE-2025-3264 was published for transformers (pip) Jul 7, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing Moderate
CVE-2025-5472 was published for llama-index-core (pip) Jul 7, 2025
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit Moderate
CVE-2025-6210 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function High
CVE-2025-6386 was published for lollms (pip) Jul 7, 2025
LlamaIndex vulnerable to Path Traversal attack through its encode_image function High
CVE-2025-6209 was published for llama-index-core (pip) Jul 7, 2025
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Upsonic is vulnerable to Path Traversal attack through its os.path.join function Low
CVE-2025-6278 was published for upsonic (pip) Jun 19, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class Moderate
CVE-2025-6211 was published for llama-index (pip) Jul 10, 2025
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (pip) Jul 11, 2025
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates Moderate
CVE-2025-53865 was published for roundup (pip) Jul 13, 2025
py-libp2p is vulnerable to DoS attacks through use of large RSA keys Moderate
CVE-2025-29606 was published for libp2p (pip) Jul 14, 2025
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections Low
CVE-2025-53643 was published for aiohttp (pip) Jul 14, 2025
JeppW
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database