
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,341 advisories

Google Cloud Vertex AI has a vulnerability involving predictable bucket naming High
CVE-2026-2473 was published for google-cloud-aiplatform (pip) Feb 20, 2026
Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS) High
CVE-2026-2472 was published for google-cloud-aiplatform (pip) Feb 20, 2026
Credited to qi-scape
Fickling has a detection bypass via stdlib network-protocol constructors Low
GHSA-83pf-v6qq-pwmr was published for fickling (pip) Feb 20, 2026
Credited to NucleiAv
Flask session does not add `Vary: Cookie` header when accessed in some ways Low
CVE-2026-27205 was published for flask (pip) Feb 19, 2026
Credited to shouryaj98
Werkzeug safe_join() allows Windows special device names Moderate
CVE-2026-27199 was published for werkzeug (pip) Feb 19, 2026
Credited to alimezar
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint High
CVE-2026-27194 was published for dtale (pip) Feb 19, 2026
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution Critical
CVE-2026-26030 was published for semantic-kernel (pip) Feb 19, 2026
Credited to amiteliahu, doredry, and urioren
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
Credited to N3mes1s
pypdf possibly has long runtimes for malformed FlateDecode streams Moderate
CVE-2026-27026 was published for pypdf (pip) Feb 18, 2026
Credited to CheonWoong-Park and stefan6419846
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams Moderate
CVE-2026-27025 was published for pypdf (pip) Feb 18, 2026
Credited to CheonWoong-Park and stefan6419846
pypdf has a possible infinite loop when processing TreeObject Moderate
CVE-2026-27024 was published for pypdf (pip) Feb 18, 2026
Credited to CheonWoong-Park and stefan6419846
NLTK has a Zip Slip Vulnerability Critical
CVE-2025-14009 was published for nltk (pip) Feb 18, 2026
OpenStack Nova calls qemu-img without format restrictions for resize High
CVE-2026-24708 was published for Nova (pip) Feb 18, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER High
GHSA-97f8-7cmv-76j2 was published for picklescan (pip) Feb 18, 2026
Credited to zpbrent
NVIDIA NeMo Framework Deserializes Untrusted Data High
CVE-2025-33253 was published for nemo-toolkit (pip) Feb 18, 2026
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution High
CVE-2025-33245 was published for nemo-toolkit (pip) Feb 18, 2026
Skill-scanner Unsecured Network Binding Vulnerability Moderate
CVE-2026-26057 was published for cisco-ai-skill-scanner (pip) Feb 17, 2026
Credited to RichardoC and vineethsai7
Indico Affected by Cross-Site-Scripting via material uploads Moderate
CVE-2026-25739 was published for indico (pip) Feb 17, 2026
Credited to dreyercito
Indico has Server-Side Request Forgery (SSRF) in multiple places Moderate
CVE-2026-25738 was published for indico (pip) Feb 17, 2026
Credited to rahulgovind, inkz, and yueyueL
Weblate has an argument injection in management console Moderate
CVE-2026-24126 was published for Weblate (pip) Feb 17, 2026
Credited to alexb616 and nijel
pretix unsafely evaluates variables in emails High
CVE-2026-2415 was published for pretix (pip) Feb 16, 2026
MindsDB affected by a SSRF vulnerability Low
CVE-2026-2531 was published for MindsDB (pip) Feb 16, 2026
sqlparse: formatting list of tuples leads to denial of service Moderate
GHSA-27jp-wm6q-gp25 was published for sqlparse (pip) Feb 13, 2026
Credited to jacobtylerwalls
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration) High
GHSA-gfmx-qqqh-f38q was published for keras (pip) Feb 12, 2026 (withdrawn)