Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,679 advisories

Loading
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile Moderate
GHSA-4r9r-ch6f-vxmx was published for picklescan (pip) Aug 22, 2025
FredericDT
Credited to FredericDT
Copier's safe template has filesystem write access outside destination path Moderate
CVE-2025-55214 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Credited to sisp, pawamoy, and yajo
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-55672 was published for apache-superset (pip) Aug 14, 2025
Apache Superset data query improperly discloses database schema information to low-privileged guest user Moderate
CVE-2025-55673 was published for apache-superset (pip) Aug 14, 2025
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions Moderate
CVE-2025-55674 was published for apache-superset (pip) Aug 14, 2025
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access Moderate
CVE-2025-55675 was published for apache-superset (pip) Aug 14, 2025
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
laura240406 stefan6419846
Credited to laura240406 and stefan6419846
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) Moderate
CVE-2025-55149 was published for tiny-scientist (pip) Aug 11, 2025
ExecuTorch integer overflow vulnerability leads to code execution Moderate
CVE-2025-54952 was published for executorch (pip) Aug 8, 2025
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Credited to charliermarsh, zanieb, woodruffw, thatch, and calebbrown
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-5197 was published for transformers (pip) Aug 6, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
Credited to suidpit, ndaprela, TheZ3ro, and smaury
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit Moderate
CVE-2025-53009 was published for MaterialX (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
Credited to suidpit, TheZ3ro, ndaprela, and smaury
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
Credited to suidpit, ndaprela, TheZ3ro, and smaury
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode Moderate
CVE-2025-48073 was published for OpenEXR (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
Credited to suidpit, ndaprela, TheZ3ro, and smaury
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute Moderate
CVE-2025-48072 was published for OpenEXR (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
Credited to suidpit, TheZ3ro, ndaprela, and smaury
MS SWIFT Deserialization RCE Vulnerability Moderate
GHSA-r54c-2xmf-2cf3 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
MS SWIFT WEB-UI RCE Vulnerability Moderate
CVE-2025-41419 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
copyparty Reflected XSS via Filter Parameter Moderate
CVE-2025-54589 was published for copyparty (pip) Jul 31, 2025
Ju0x
Credited to Ju0x
Pyload log Injection via API /json/add_package in add_name parameter Moderate
GHSA-3wwm-hjv7-23r3 was published for pyload-ng (pip) Jul 30, 2025
SeaW1nd
Credited to SeaW1nd
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
Credited to altperfect
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Moderate
CVE-2025-55013 was published for assemblyline-service-client (pip) Jul 25, 2025
serexp
Credited to serexp
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Credited to gelbphoenix
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database