GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,949 advisories

Withdrawn Advisory: Dask Vulnerable to Command Injection Critical
CVE-2024-10096 was published for dask (pip) Mar 20, 2025 withdrawn
krishanbhasin-px
LiteLLM Vulnerable to Denial of Service (DoS) High
CVE-2024-10188 was published for litellm (pip) Mar 20, 2025
Aim Vulnerable to Denial of Service (DoS) High
CVE-2024-10110 was published for aim (pip) Mar 20, 2025
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
vLLM denial of service via outlines unbounded cache on disk Moderate
CVE-2025-29770 was published for vllm (pip) Mar 19, 2025
russellb
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025
PostQuantum-Feldman-VSS's Dependency Vulnerability in gmpy2 Leading to Interpreter Crash High
GHSA-v432-7f47-9g94 was published for PostQuantum-Feldman-VSS (pip) Mar 17, 2025
DavidOsipov
Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
XPixelGroup BasicSR Command Injection Moderate
CVE-2024-27763 was published for basicsr (pip) Mar 12, 2025
aydinnyunus
Rembg CORS misconfiguration High
CVE-2025-25302 was published for rembg (pip) Mar 11, 2025
Rembg allows SSRF via /api/remove Moderate
CVE-2025-25301 was published for rembg (pip) Mar 11, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
Azure PromptFlow remote code execution related to Jinja templates Moderate
CVE-2025-24986 was published for promptflow-core (pip) Mar 11, 2025
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
Zip Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1944 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1945 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
PlotAI eval vulnerability Critical
CVE-2025-1497 was published for plotai (pip) Mar 10, 2025
Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-2fh4-gpch-vqv4 was published for picklescan (pip) Mar 10, 2025 withdrawn
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-w6mr-mj53-x258 was published for picklescan (pip) Mar 10, 2025 withdrawn
Django vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-26699 was published for Django (pip) Mar 6, 2025
ray vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-1979 was published for ray (pip) Mar 6, 2025