Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,943 advisories

Loading
Neo4j Cypher MCP server is vulnerable to DNS rebinding High
CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
eharris128
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods Moderate
CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet eastandwestwind
erosselli
Fides has a Lack of Brute-Force Protections on Authentication Endpoints Low
CVE-2025-57815 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher daveqnet
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher adamsachs
daveqnet
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
xgrammar vulnerable to denial of service by huge enum grammar Moderate
CVE-2025-58446 was published for xgrammar (pip) Sep 5, 2025
xendo
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more Critical
CVE-2025-58367 was published for deepdiff (pip) Sep 3, 2025
diogotcorreia
Infrahub: Deleted and expired API tokens can still authenticate Moderate
CVE-2025-59036 was published for infrahub-server (pip) Sep 10, 2025
fatih-acar
xml2rfc is vulnerable to arbitrary file reads through prepped files High
GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) Sep 10, 2025
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
ThiefMaster
Indico may disclose unauthorized user details access via legacy API Moderate
CVE-2025-59034 was published for indico (pip) Sep 10, 2025
inkz
Picklescan Bypass is Possible via File Extension Mismatch High
GHSA-jgw4-cr84-mqxg was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check High
GHSA-mjqp-26hc-grxg was published for picklescan (pip) Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports High
GHSA-f7qq-56ww-84cr was published for picklescan (pip) Sep 10, 2025
davcohen
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
Monai: Unsafe use of Pickle deserialization may lead to RCE High
CVE-2025-58757 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI: Unsafe torch usage may lead to arbitrary code execution High
CVE-2025-58756 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI does not prevent path traversal, potentially leading to arbitrary file writes High
CVE-2025-58755 was published for monai (pip) Sep 9, 2025
h3rrr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database