GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
2,989
Maven
5,000+
npm
4,699
NuGet
788
pip
4,328
Pub
12
RubyGems
987
Rust
1,133
Swift
49
Unreviewed advisories
All unreviewed
5,000+
4,328 advisories
Filter by severity
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
High
CVE-2026-1669
was published
for
keras
(pip)
Feb 18, 2026
pypdf possibly has long runtimes for malformed FlateDecode streams
Moderate
CVE-2026-27026
was published
for
pypdf
(pip)
Feb 18, 2026
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Moderate
CVE-2026-27025
was published
for
pypdf
(pip)
Feb 18, 2026
pypdf has a possible infinite loop when processing TreeObject
Moderate
CVE-2026-27024
was published
for
pypdf
(pip)
Feb 18, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
High
GHSA-97f8-7cmv-76j2
was published
for
picklescan
(pip)
Feb 18, 2026
Skill-scanner Unsecured Network Binding Vulnerability
Moderate
CVE-2026-26057
was published
for
cisco-ai-skill-scanner
(pip)
Feb 17, 2026
Indico Affected by Cross-Site-Scripting via material uploads
Moderate
CVE-2026-25739
was published
for
indico
(pip)
Feb 17, 2026
Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate
CVE-2026-25738
was published
for
indico
(pip)
Feb 17, 2026
Weblate has an argument injection in management console
Moderate
CVE-2026-24126
was published
for
Weblate
(pip)
Feb 17, 2026
pretix unsafely evaluates variables in emails
High
CVE-2026-2415
was published
for
pretix
(pip)
Feb 16, 2026
MindsDB affected by a SSRF vulnerability
Low
CVE-2026-2531
was published
for
MindsDB
(pip)
Feb 16, 2026
sqlparse: formatting list of tuples leads to denial of service
Moderate
GHSA-27jp-wm6q-gp25
was published
for
sqlparse
(pip)
Feb 13, 2026
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
High
GHSA-gfmx-qqqh-f38q
was published
for
keras
(pip)
Feb 12, 2026
•
withdrawn
DiskCache has unsafe pickle deserialization
Moderate
CVE-2025-69872
was published
for
diskcache
(pip)
Feb 11, 2026
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Low
CVE-2026-26013
was published
for
langchain-core
(pip)
Feb 11, 2026
Pillow affected by out-of-bounds write when loading PSD images
High
CVE-2026-25990
was published
for
pillow
(pip)
Feb 11, 2026
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
High
CVE-2026-26007
was published
for
cryptography
(pip)
Feb 10, 2026
Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Critical
CVE-2026-21531
was published
for
azure-ai-language-conversations-authoring
(pip)
Feb 10, 2026
Emmett-Core: Unhandled CookieError Exception Causing Denial of Service
High
CVE-2026-25577
was published
for
emmett-core
(pip)
Feb 10, 2026
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Moderate
CVE-2026-25528
was published
for
langsmith
(npm)
Feb 9, 2026
Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Moderate
CVE-2026-25480
was published
for
litestar
(pip)
Feb 9, 2026
Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Moderate
CVE-2026-25479
was published
for
litestar
(pip)
Feb 9, 2026
Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
High
CVE-2026-25478
was published
for
litestar
(pip)
Feb 9, 2026
Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access
Moderate
CVE-2026-22922
was published
for
apache-airflow
(pip)
Feb 9, 2026
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Moderate
CVE-2026-24098
was published
for
apache-airflow
(pip)
Feb 9, 2026
ProTip!
Advisories are also available from the
GraphQL API