Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
Withdrawn Advisory: PyTorch deserialization vulnerability Critical
CVE-2024-7804 was published for torch (pip) Mar 20, 2025 withdrawn
krishanbhasin-px
Credited to krishanbhasin-px
Withdrawn Advisory: Dask Vulnerable to Command Injection Critical
CVE-2024-10096 was published for dask (pip) Mar 20, 2025 withdrawn
krishanbhasin-px
Credited to krishanbhasin-px
PyTorch Lightning path traversal vulnerability Critical
CVE-2024-8019 was published for pytorch-lightning (pip) Mar 20, 2025
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload Critical
CVE-2024-10833 was published for dbgpt (pip) Mar 20, 2025
vLLM Deserialization of Untrusted Data vulnerability Critical
CVE-2024-11041 was published for vllm (pip) Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
DB-GPT Absolute Path Traversal vulnerability Critical
CVE-2024-10831 was published for dbgpt (pip) Mar 20, 2025
DB-GPT Arbitrary File Write vulnerability Critical
CVE-2024-10901 was published for dbgpt (pip) Mar 20, 2025
Kedro deserialization vulnerability Critical
CVE-2024-9701 was published for kedro (pip) Mar 20, 2025
BentoML deserialization vulnerability Critical
CVE-2024-9070 was published for bentoml (pip) Mar 20, 2025
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
AgentScope Deserialization Vulnerability Critical
CVE-2024-8502 was published for agentscope (pip) Mar 20, 2025
H2O Deserialization of Untrusted Data Vulnerability Critical
CVE-2024-10553 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Credited to dlqqq
LTI JupyterHub Authenticator does not properly validate JWT Signature Critical
CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) Feb 25, 2025
consideRatio
Credited to consideRatio
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method Critical
CVE-2023-44467 was published for langchain-experimental (pip) Oct 9, 2023
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
Credited to yuvipanda, consideRatio, manics, minrk, krassowski, dlqqq, and eddelbuettel
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library Critical
CVE-2023-39631 was published for langchain (pip) Sep 1, 2023
eyurtsev
Credited to eyurtsev
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database