Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,411 advisories

Loading
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` Critical
CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
Rigidity tweidinger
chippers lucasfernog
Rancher: Restricted Administrator can change Administrator's passwords Critical
CVE-2025-23391 was published for github.com/rancher/rancher (Go) Apr 1, 2025
XavierDuthil
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution Critical
CVE-2025-30065 was published for org.apache.parquet:parquet-avro (Maven) Apr 1, 2025
Apache Pinot Vulnerable to Authentication Bypass Critical
CVE-2024-56325 was published for org.apache.pinot:pinot-broker (Maven) Apr 1, 2025
AnonySE26
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
ingress-nginx admission controller RCE escalation Critical
CVE-2025-1974 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request Critical
CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) Mar 24, 2025
InvokeAI Deserialization of Untrusted Data vulnerability Critical
CVE-2024-12029 was published for InvokeAI (pip) Mar 21, 2025
zly123987
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) Mar 20, 2025
xmudrii
Duplicate Advisory: D-Tale Command Injection vulnerability Critical
CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 withdrawn
Kedro deserialization vulnerability Critical
CVE-2024-9701 was published for kedro (pip) Mar 20, 2025
BentoML deserialization vulnerability Critical
CVE-2024-9070 was published for bentoml (pip) Mar 20, 2025
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints Critical
CVE-2024-9053 was published for vllm (pip) Mar 20, 2025
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object Critical
CVE-2024-9052 was published for vllm (pip) Mar 20, 2025
russellb
AgentScope Deserialization Vulnerability Critical
CVE-2024-8502 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
PyTorch Lightning path traversal vulnerability Critical
CVE-2024-8019 was published for pytorch-lightning (pip) Mar 20, 2025
Withdrawn Advisory: PyTorch deserialization vulnerability Critical
CVE-2024-7804 was published for torch (pip) Mar 20, 2025 withdrawn
krishanbhasin-px
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
llama-index-packs-finchat SQL Injection vulnerability Critical
CVE-2024-12909 was published for llama-index-packs-finchat (pip) Mar 20, 2025
logan-markewich
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection Critical
CVE-2024-11958 was published for llama-index-retrievers-duckdb-retriever (pip) Mar 20, 2025
vLLM Deserialization of Untrusted Data vulnerability Critical
CVE-2024-11041 was published for vllm (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database