Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,943 advisories

Loading
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users Critical
CVE-2024-10835 was published for dbgpt (pip) Mar 20, 2025
LangChain Community SSRF vulnerability exists in RequestsToolkit component High
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-7036 was published for open-webui (pip) Mar 20, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 rildosouza
nmmorette
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
odaysec
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage High
CVE-2019-1010083 was published for flask (pip) Jul 19, 2019
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution High
CVE-2025-54412 was published for skops (pip) Jul 25, 2025
io-no
BentoML SSRF Vulnerability in File Upload Processing Critical
CVE-2025-54381 was published for bentoml (pip) Jul 29, 2025
geckosecurity jjjutla
nkoorty
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database