Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

8,321 advisories

Loading
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
BentoML vulnerable to Uncontrolled Resource Consumption High
GHSA-hh3j-9m59-p8vc was published for bentoml (pip) Mar 20, 2025
Feast Cross-Origin Resource Sharing vulnerability High
CVE-2024-11602 was published for feast (pip) Mar 20, 2025
Kedro allows Remote Code Execution by Pulling Micro Packages High
CVE-2024-12215 was published for kedro (pip) Mar 20, 2025
Ollama Allows Out-of-Bounds Read High
CVE-2024-12055 was published for github.com/ollama/ollama (Go) Mar 20, 2025
GluonCV Arbitrary File Write via TarSlip High
CVE-2024-12216 was published for gluoncv (pip) Mar 20, 2025
FastChat Server-Side Request Forgery vulnerability High
CVE-2024-11603 was published for fschat (pip) Mar 20, 2025
FastChat Uncontrolled Resource Consumption vulnerability High
CVE-2024-10907 was published for fschat (pip) Mar 20, 2025
FastChat Denial of Service vulnerability High
CVE-2024-10912 was published for fschat (pip) Mar 20, 2025
InvokeAI Uncontrolled Resource Consumption vulnerability High
CVE-2024-11043 was published for InvokeAI (pip) Mar 20, 2025
HyperLPR Denial of Service vulnerability High
CVE-2024-10713 was published for hyperlpr3 (pip) Mar 20, 2025
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload` High
CVE-2024-10821 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT Uncontrolled Resource Consumption vulnerability High
CVE-2024-10829 was published for dbgpt (pip) Mar 20, 2025
DB-GPT vulnerable to Cross-Site Request Forgery High
CVE-2024-10906 was published for dbgpt (pip) Mar 20, 2025
DB-GPT Path Traversal vulnerability High
CVE-2024-10830 was published for dbgpt (pip) Mar 20, 2025
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
Gradio Vulnerable to Arbitrary File Deletion High
CVE-2024-10648 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint High
CVE-2024-10550 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb High
CVE-2024-10569 was published for gradio (pip) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) High
CVE-2024-10188 was published for litellm (pip) Mar 20, 2025
Aim Vulnerable to Denial of Service (DoS) High
CVE-2024-10110 was published for aim (pip) Mar 20, 2025
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database