Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
sgillies
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-h4gh-qq45-vh27 was published for cryptography (pip) Sep 3, 2024
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
curl_cffi bundles a version of libcurl affected by High Severity vulnerability High
GHSA-3vpc-4p9p-47hc was published for curl-cffi (pip) Oct 22, 2024
SCH227
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 Critical
GHSA-ggpf-24jw-3fcw was published for vllm (pip) Apr 23, 2025
azraelxuemo russellb
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database