Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,618 advisories

Loading
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem Moderate
GHSA-3vg9-h568-4w9m was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads Moderate
GHSA-f54q-57x4-jg88 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.runctx Moderate
GHSA-6vqj-c2q5-j97w was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.run Moderate
GHSA-x696-vm39-cp64 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.runctx Moderate
GHSA-g344-hcph-8vgg was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.run Moderate
GHSA-5qwp-399c-mjwf was published for picklescan (pip) Aug 26, 2025
FredericDT
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt mhils
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config Moderate
GHSA-vv6j-3g6g-2pvj was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper Moderate
GHSA-vr7h-p6mm-wpmh was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers Moderate
GHSA-h3qp-7fh3-f8h4 was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run Moderate
GHSA-f745-w6jp-hpxx was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression Moderate
GHSA-f4x7-rfwp-v3xw was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get Moderate
GHSA-86cj-95qr-2p4f was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile Moderate
GHSA-4r9r-ch6f-vxmx was published for picklescan (pip) Aug 22, 2025
FredericDT
Copier's safe template has filesystem write access outside destination path Moderate
CVE-2025-55214 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Apache Superset data query improperly discloses database schema information to low-privileged guest user Moderate
CVE-2025-55673 was published for apache-superset (pip) Aug 14, 2025
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions Moderate
CVE-2025-55674 was published for apache-superset (pip) Aug 14, 2025
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-55672 was published for apache-superset (pip) Aug 14, 2025
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access Moderate
CVE-2025-55675 was published for apache-superset (pip) Aug 14, 2025
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
jakiki6 stefan6419846
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) Moderate
CVE-2025-55149 was published for tiny-scientist (pip) Aug 11, 2025
ExecuTorch integer overflow vulnerability leads to code execution Moderate
CVE-2025-54952 was published for executorch (pip) Aug 8, 2025
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database