Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,943 advisories

Loading
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity Moderate
GHSA-6w4w-5w54-rjvr was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem Moderate
GHSA-3vg9-h568-4w9m was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads Moderate
GHSA-f54q-57x4-jg88 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.runctx Moderate
GHSA-6vqj-c2q5-j97w was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.run Moderate
GHSA-x696-vm39-cp64 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.runctx Moderate
GHSA-g344-hcph-8vgg was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.run Moderate
GHSA-5qwp-399c-mjwf was published for picklescan (pip) Aug 26, 2025
FredericDT
xml2rfc has an arbitrary file read vulnerability High
GHSA-cfmv-h8fx-85m7 was published for xml2rfc (pip) Aug 26, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt mhils
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
chaandrey
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config Moderate
GHSA-vv6j-3g6g-2pvj was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper Moderate
GHSA-vr7h-p6mm-wpmh was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers Moderate
GHSA-h3qp-7fh3-f8h4 was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run Moderate
GHSA-f745-w6jp-hpxx was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression Moderate
GHSA-f4x7-rfwp-v3xw was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get Moderate
GHSA-86cj-95qr-2p4f was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile Moderate
GHSA-4r9r-ch6f-vxmx was published for picklescan (pip) Aug 22, 2025
FredericDT
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54364 was published for knack (pip) Aug 20, 2025 withdrawn
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54363 was published for knack (pip) Aug 20, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database