Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,618 advisories

Loading
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution` Moderate
CVE-2025-29779 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
XPixelGroup BasicSR Command Injection Moderate
CVE-2024-27763 was published for basicsr (pip) Mar 12, 2025
aydinnyunus
Rembg allows SSRF via /api/remove Moderate
CVE-2025-25301 was published for rembg (pip) Mar 11, 2025
Azure PromptFlow remote code execution related to Jinja templates Moderate
CVE-2025-24986 was published for promptflow-core (pip) Mar 11, 2025
Zip Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1944 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1945 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-2fh4-gpch-vqv4 was published for picklescan (pip) Mar 10, 2025 withdrawn
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-w6mr-mj53-x258 was published for picklescan (pip) Mar 10, 2025 withdrawn
Django vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-26699 was published for Django (pip) Mar 6, 2025
ray vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-1979 was published for ray (pip) Mar 6, 2025
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method Moderate
CVE-2025-27516 was published for Jinja2 (pip) Mar 5, 2025
securingapps
Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-hw34-rqc5-h2gm was published for picklescan (pip) Mar 3, 2025 withdrawn
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
CVE-2025-1716 was published for picklescan (pip) Mar 3, 2025
madgetr
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions Moderate
CVE-2025-1889 was published for picklescan (pip) Mar 3, 2025
madgetr
CodeChecker open redirect when URL contains multiple slashes after the product name Moderate
CVE-2025-1300 was published for codechecker (pip) Mar 3, 2025
Discookie
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-vr75-hjh9-7fr6 was published for picklescan (pip) Mar 3, 2025 withdrawn
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
Exiv2 allows Use After Free Moderate
CVE-2025-26623 was published for Exiv2 (pip) Feb 21, 2025
Marsman1996
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0 Moderate
CVE-2025-1057 was published for keylime (pip) Feb 14, 2025
ansasaki
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint Moderate
CVE-2025-25296 was published for label-studio (pip) Feb 14, 2025
xbow-security
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
snowflake-connector-python vulnerable to insecure cache files permissions Moderate
CVE-2025-24795 was published for snowflake-connector-python (pip) Jan 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database