Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,510 advisories

Loading
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
xml2rfc is vulnerable to arbitrary file reads through prepped files High
GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) Sep 10, 2025
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
Picklescan Bypass is Possible via File Extension Mismatch High
GHSA-jgw4-cr84-mqxg was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check High
GHSA-mjqp-26hc-grxg was published for picklescan (pip) Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports High
GHSA-f7qq-56ww-84cr was published for picklescan (pip) Sep 10, 2025
davcohen
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
Monai: Unsafe use of Pickle deserialization may lead to RCE High
CVE-2025-58757 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI: Unsafe torch usage may lead to arbitrary code execution High
CVE-2025-58756 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI does not prevent path traversal, potentially leading to arbitrary file writes High
CVE-2025-58755 was published for monai (pip) Sep 9, 2025
h3rrr
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability High
CVE-2025-9636 was published for pgadmin4 (pip) Sep 5, 2025
TkEasyGUI Affected by Uncontrolled Search Path Element Issue High
CVE-2025-55671 was published for TkEasyGUI (pip) Sep 5, 2025
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time High
CVE-2025-54413 was published for skops (pip) Jul 25, 2025
io-no
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header High
CVE-2025-57808 was published for esphome (pip) Sep 2, 2025
bcat
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
xml2rfc has an arbitrary file read vulnerability High
GHSA-cfmv-h8fx-85m7 was published for xml2rfc (pip) Aug 26, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
chaandrey
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py High
CVE-2025-50817 was published for future (pip) Aug 14, 2025
BarrensZeppelin
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database